Rubrik’s James Blake on cyber attack recovery, ransoms and threat hunting


For businesses today, any downtime caused by cyberattacks, including ransomware, can be costly in terms of time, resources, regulatory fines and reputation. Organizations must therefore ensure that their operations do not grind to a halt in the face of the growing number of ransomware attacks and other cyber threats.

Data protection is at the heart of this. Although data is an organisation’s “crown jewels”, it often falls into the hands of cybercriminals, with reactive workflows falling between IT and security and leaving companies tempted to pay ransoms. Advanced data observability and threat hunting are two of the ways organizations can bolster their defenses against ransomware, yet many lack the resources to engage in such activities.

To know more, Computing spoke with James Blake, Field CISO in EMEA at Rubrik, ahead of his conference sessions at the Rubrik FORWARD 2022 Annual User Conference, taking place virtually May 17-19, 2022.

What is the current state of ransomware amid the pandemic and an increase in hybrid work?

“What ransomware has shown us is the lack of cyber resilience and operational resilience of organizations. The ability of IT and security to work together, to have integrated processes and integrated systems, to avoid building fragile systems in the first place, and to withstand and endure an attack is lacking. And, if we fail to build resilience into the way we operate and build systems now – especially during digital transformation – all of that same fragility will transfer to our cloud infrastructure, and we’re not going to learn the lessons of resilience by dealing with ransomware.

“We know an incident is going to happen, so let’s deal with it and reduce the impact by building our resilience and ability to respond, and treat incidents as if nothing happened – and that’s what Rubrik does.”


What tools and strategies are organizations deploying to respond to the increase in ransomware attacks and keep their operations from being shut down?

“Organizations have, on average, around 130 different security controls, which contributes to increased licensing complexity and cost, and around 80-90% of the budget is spent on prevention and detection solutions, so we’re not learning our lesson. Lots of silver bullets and very little meaningful integration and operationalization.

“And just as IT is migrating to the cloud, at the same time security is busy building on-premises infrastructure and staffing it with multiple employees, all while there’s a global shortage of cybersecurity skills. Spending is increasing, complexity is increasing, alerts are increasing, but operational capability is often not. We are in a place where we are seeing the law of diminishing returns on full-scale plausibility-based controls. So, is the needle really moving? I don’t know, I think so.”

How have Rubrik’s customers adapted their use of your products and services to this new landscape?

“Rubrik’s customers have really understood how to apply the platform. What we’re seeing now is that they really understand the ‘identify phase’, where they can identify regulated data. Organizations don’t know where their data is, and if they do – the reality is that operations teams must work around official repositories of data that are rarely the sole source of truth to do their jobs. Rubrik customers can discover their regulated and mission-critical data across the diverse workloads we manage without the deployment of encore- We see them applying the Zero Trust data security approach and capabilities for protecting their data, to put it out of reach of adversaries. And for detection, we see them apply our capabilities to detect malicious artifacts used in an attack, as well as alerts about malicious deletion and data encryption.


“When we get to the response stage, we see them using features that allow them to live mount file systems over time to support incident investigation and forensics, and we see them proactively review their workloads with threat hunting – and look for those between your protection/detection checks. During the recovery phase, they apply this intelligence to recover only the data they need and not the malicious or infected data.”

How important is threat hunting and do organizations have the resources and know-how to engage in it?

“Part of the challenge of threat hunting is the time it typically takes to leverage threat hunting. This can take months or even years. those tools, you have to manage those tools, you have to put infrastructure management in place – and then when your environment comes back to the drawing board there are a lot of different ways to hunt threats. My view is that it’s a bit about the waistband and suspenders and there’s a place for each of them. It’s a bigger topic that we’ll explore in more detail at FORWARD.”

What steps can organizations take to become proactive rather than reactive in their approach to cybersecurity?

“The first thing is to understand what you are protecting. That is the most important. I see so many organizations that have security but no risk management – they don’t know what they should be protecting or what they are responsible for from a compliance perspective, and that’s a big deal.

“Value really resides in the data, and where the data resides, and how the data supports business processes. Many CMDBs today only have hardware and software details – the things we can now instantiate in seconds thanks to orchestration tools, virtualization and the cloud… but often they don’t know where the data is, what the irreplaceable value is, who has the compliance obligation and who is the target of attackers. So the first thing they need to do is understand that data, understand how it supports the business, and understand where that data resides. Once you know where your data is, it’s time to do your assessment of the risks and bring value to the company.”


What would you say to organizations tempted to pay ransoms following a successful attack?

“Don’t. There’s no guarantee you’ll get what you want out of it. By paying a ransom, you could end up funding a criminal organization, and it may even violate international sanctions, and your shareholders may or What you need to do is have an honest conversation with the business about their ability to stop and prevent an attack, and then work collaboratively on a resiliency strategy.

“If your first idea is to add the 131st tool in an effort to prevent ransomware, that won’t change the fact that you will be targeted repeatedly – and let’s not forget that malware continues to bypass these tools. Malware and ransomware share a lot of similarities, with only a different type of impact at the end of the chain. It’s a numbers game; eventually it will hit you. Spend on impact reduction and resilience, then you won’t need to pay the ransom and you get a better security ROI than from another prevention tool.”

To learn more about how to protect your organization against cyber threats, log on to FORWARD 2022.

This post is sponsored by Rubrik
