For today’s businesses, any downtime caused by cyber attacks, including ransomware, can be costly in terms of time, resources, regulatory fines and reputation. That’s why organizations need to work to ensure they keep running when faced with a growing number of ransomware attacks and cyber threats.
Data protection is central to this. Although data is the crown jewel of organizations, it often falls into the hands of cybercriminals, with response workflows collapsing into the gaps between IT and security, leaving businesses tempted to pay ransoms. Increased data visibility and threat detection are just some of the ways in which organizations can strengthen their protection against ransomware, but many do not have the resources to engage in such activities.
What is the current state of ransomware in the context of the pandemic and the increase in hybrid work?
“What ransomware has shown us is the lack of cyber and operational resilience of organizations. The ability of IT and security to work together, to have integrated processes, integrated systems, not to create fragile systems in the first place and to have the ability to withstand an attack is lacking. And if we fail to build resilience into the way we work and build systems now – especially as we go through digital transformation – all this fragility will be transferred to our cloud infrastructure and we will not learn the lessons of resilience from ransomware.
“We know there will be accidents, so let’s deal with them and reduce the impact by building our resilience and our ability to react and deal with incidents as usual – and that’s what Rubrik does.”
What tools and strategies do organizations implement to respond to the increase in ransomware attacks and stop operations?
“Organizations have an average of about 130 different security controls, which increases the complexity and cost of licensing, and about 80-90 percent of the budget is spent on preventive and detective solutions, so we don’t learn the lesson. Lots of silver bullets and very little meaningful integration and operationalization.
“And just as IT departments move to the cloud, at the same time security is busy building local infrastructures and providing them with multiple employees, while there is a global shortage of cybersecurity skills. So costs are rising, complexity is rising, signals are rising, but operational capability is often not. We are in a place where we see the law of diminishing returns on probability-focused controls on a full scale. So, is the needle really moving? I do not think so.”
How have Rubrik customers adapted the way they use your products and services for this new landscape?
“Rubrik’s customers have really figured out how to implement the platform. What we are seeing now is that they really understand the ‘identification stage’, where they can identify regulated data. Most organizations don’t know where their data is, and if they do, the reality is that operational teams have to work around official data warehouses, which are rarely the only source of truth to get the job done. Rubrik customers can find their regulated and critical data in the various workloads we manage, without the implementation of another tool. We see that they are applying a zero-trust approach to data protection and the ability to protect their data to put it out of the reach of opponents. And for detection, we see how they apply our ability to detect malicious artifacts used during an attack, as well as a warning about malicious deletions and data encryption.
“When we get to the response stage, we see that they use features that allow them to mount live file systems over time to support incident investigation and forensics, and we see them proactively looking at their workloads in search of threats – and looking for these gaps between their security / detective controls. At the recovery stage, they apply this intelligence so that they only recover the data they need, not malicious or infected data.”
How important is threat hunting, and do organizations have the resources and know-how to get involved?
“Part of the challenge of looking for threats is the typical time it takes to get any value out of looking for threats. It can take several months to years. You need to train a team to use the tools, you need to implement these tools, you need to manage these tools, you need to put infrastructure management in place – and when your environment changes, it’s back to the drawing board. There are many different ways to hunt threats. My point is that it’s a little belt and buckles and there’s room for all of them. This is a broader topic and we will look at it in more detail in FORWARD.”
What steps can organizations take to become proactive rather than reactive in their approach to cybersecurity?
“The first thing is to understand what you are defending. This is the biggest. I see so many organizations that have security but not risk management – they don’t know what to protect or what they are in terms of compliance. This is a big problem.
“The value is really in the data, where the data is and how the data supports business processes. So many CMDBs today have only hardware and software details – things we can now instantiate in seconds thanks to orchestration, virtualization, and cloud tools … but they often don’t know where the data is, what the value is, which is irreplaceable, which has an obligation to comply – and this is the goal of the attackers. So, the first thing they need to do is understand this data, find out how it supports the business, and find out where that data is. Once you know where your data is, it’s time to do your risk assessment and add value to the business.”
What would you say to organizations tempted to pay ransoms after a successful attack?
“Don’t do it. There is no guarantee that you will get what you want from him. By paying for ransomware, you may be financing a criminal organization, and it may even violate international sanctions, and your shareholders may or may not thank you for it. What you need to do is have an honest conversation with the business about its readiness to stop and prevent an attack, and then work together on a sustainability strategy.
“If your first thought is to add the 131st tool in an attempt to prevent ransomware, this will not change the fact that you will be repeatedly targeted and – let’s not forget that malware still goes through these tools. Malware and ransomware share many similarities, with only the type of impact differing at the end of the chain. This is a numbers game that will eventually hit you. Spend on reducing impact and sustainability, after which you won’t have to pay a ransom and get a better return on your security investment than another preventative tool.”
To hear more about how to protect your organization against cyber threats, tune in to NEXT 2022.
This post is sponsored by Rubrik