In 2021, one ransomware attack struck every 11 seconds. This year, the figure will double.
These stark figures from Cybersecurity Ventures highlight how successful these attacks have become. If ransomware attacks weren’t working, if they weren’t generating profits for cybercrime gangs or meeting the strategic aims of nation-state groups, they wouldn’t be so prevalent.
During Rubrik’s recent Data Security Talks event, Michael Mestrovich, Rubrik CISO and former CIA CISO, put the scale of the threat into perspective.
“The cybercrime business is on track to become a $10 trillion business by 2025,” he said. “That will make it the third largest economy on the planet.”
Mestrovich said with so much money to be made, attacks would only continue to increase.
“How do we disrupt the economic advantage the cybercrimes market has today? Recovering ransomware payments is one of those, data security is another way to do that.
“We know cyber criminals are after data. That’s the goal. To monetise data by making you pay a ransom, to sell it somewhere, or use it against you – so how do we ensure the data can’t be used against you?”
It’s All About Data
Data is the most critical asset businesses own today. It helps organisations be more successful, to gain a competitive edge, and to make better business decisions. It powers critical infrastructure, hospitals, and government services.
Attackers understand this all too well. If they can deny an organisation access to its own data, and extend that period for as long as possible, the victim is more likely to pay.
With this in mind, it’s no surprise that one of the first objectives attackers have following a successful breach is encrypting back up data.
Without data, operations grind to a halt. Without back up data, recovery is almost impossible. Faced with the prospect of days, weeks, or even months between a ransomware attack and operations resuming, paying the ransom can seem the lesser of two evils.
But it doesn’t need to be.
Anatomy of an Attack
In the immediate aftermath of that spine-chilling ransom demand appearing on the screen, a victim traditionally has two options – pay the ransom or attempt to recover.
Even if choosing to bite the bullet and pay the ransom, recovery is far from instantaneous.
While negotiations unfold and the specified cryptocurrency is secured, it can take days before the decryption key is received. Once received, it can then take weeks to run the decryption process across all the impacted data. All the while, operations are severely – if not entirely – compromised.
The second option is to attempt recovery from legacy backups. The first step is to engage IT and Security Operations teams. These two cohorts generally don’t collaborate with each other, so by the time they’re fully engaged days have gone by with operations impacted.
From here, recovery hinges on five key questions.
Has sensitive data been compromised? What’s the full scope of the attack? Can reinfection be prevented? Can we recover quickly? Is data recoverable at all?
Traditionally, each of these questions take days to answer at best – days the business is down.
It’s time for a new approach; Zero Trust Data Security.
During Rubrik’s recent Data Security Talks event, we gathered some of world’s best cyber security minds to explore how Zero Trust Data Security can turn catastrophic ransomware events into minor inconveniences.
With experts like former CIA CISO, Michael Mestrovich, Director of Cybercrime at Interpol, Craig Jones, and Director of ASPI’s International Cyber Policy Centre, Fergus Hanson, unpacking cyber trends, challenges, and approaches, this is a must-see event.
To see the sessions on demand, please visit: https://www.rubrik.com/company/events/data-security-talks-apac-roadshow/sydney
