Executive Viewpoint 2017 Prediction: DataGravity – Get Ready for Ransomware in 2017
Sometimes there has to be some inconvenience to keep things safe. Products today can, with varying degrees of success, diagnose when ransomware is happening. The first line of defense is to raise an alert when anomalous activity that looks like ransomware occurs; the follow-up is usually to shut off the user. Depending on how aggressive the policies are, these actions could happen in parallel. The risk of misdiagnosis is non-zero. It could in fact stop important work from proceeding, depending on the action taken. Many IT folks are reluctant to automatically shut down a user, but the best defense is a good offense.
Change in the ransomware and cybersecurity space is well overdue. On the bright side, 2017 will probably see those tides begin to turn. Below are four ways organization leaders, legislators, IT pros and non-technical staff members can work together to reduce ransomware threats in 2017.
1. CIOs and C-suite Execs Need to Look at Solutions Holistically, Not Just as a Set of Point Products
One thing we can learn from recent data security history is that just being on defense isn’t going to protect you. To play both sides, you’ll need to be strategic and tactical in your implementation. This is not a one-man show. You’ll need complementary products that work together to protect various layers of your infrastructure. Ransomware exposes itself at different layers of the IT stack, and its fingerprint is different in each layer. The first product that sees something wrong at its layer needs to be able to attempt to stop further progress and let the other layers know what to expect, so they can proactively protect data.
Sounds great, but what does this mean? Network monitoring and flight recorder products can see the traffic pattern for ransomware, but they cut the specifics off the network. Client endpoint software can see the odd traffic, memory usage or compute for a particular client and shut that client down. Storage can see the anomalous user behavior and take a storage snapshot to freeze the scene. There are lots of techniques for discovering ransomware, and they morph as the ransomware becomes more sophisticated.
2. CIOs and C-suite Execs Should Focus on Security Education and Action Plans for All Employees
As security threats grow in the enterprise, the number of dedicated experts working to keep them in check is dwindling. A similar trend took place in IT when the industry’s focus turned to automation and virtualization. As a result, IT tools and solutions became more focused on self-service to account for a lack of professionals trained to manage specific tasks – and the same pattern is beginning to emerge in cybersecurity, as business leaders are encouraging all employees to take responsibility for protecting their data.
CIOs and other business leaders can arm their employees to defeat security threats in a few ways: education and training to identify suspicious activity, tech solutions to manage and protect sensitive data, and clear response plans all contribute to the effort. Instead of proclaiming, “that’s not my job,” or mistaking a lack of failure in the security protection space for the company’s success, leaders should encourage all employees to work together with sensitive data protection as a common goal. On the IT side, data analysis and auditing will prove to be key components of this effort, as many security threats remain dormant for long periods of time before effects become noticeable.
3. Ransomware Recovery is About to Become Part of Disaster Recovery (DR) Planning
Companies, by mandate and/or smart leadership, are required to have a DR plan and to test the efficacy of this plan on a regular basis. For example, Florida mandates that state agencies test their DR plans several times a year. Since a site is far more likely to be hit by ransomware than by a natural disaster, one could see ransomware response and recovery being part of DR planning.
4. Cybersecurity is Getting More Personal Than Ever, but Individuals Won’t Give Up Their Private Data Without a Fight
One interesting element in the fight to improve cybersecurity is the sheer amount of data that’s readily available to the public. A quick Google search can uncover information about nearly anyone, including many details the owner of that information probably considers private – including the person’s own search history. As consumers use more Internet of Things (IoT) devices, such as smart phones, fitness trackers and home devices, the nature of sensitive customer information that companies prize (and individuals protect) is changing. At the same time, this data is becoming more available to attackers – and individuals are realizing they have a personal stake in the fight to defend its security.
Unfortunately, in many industries, a conflict or disaster usually precedes change, such as a plane crash leading to tighter air traffic control policies. As ransomware and security threats increase and the fallout from such threats affects people on an increasingly deep level, we’re going to see consumers, IT pros, business leaders and legislators personally advocate for better security practices. Through data auditing and analytics, it’s possible to improve the security landscape for all involved.