Virtualization and Cloud executives share their predictions for 2017. Read them in this 9th annual VMblog.com series exclusive.
Contributed by Paula Long, CEO and co-founder of DataGravity2017 Forecast: Ransomware on the rising horizon
How aggressive should your company's response to a ransomware threat be?
In today's security landscape, it's a question without a clear answer. Yes, some solutions on the market can detect when a ransomware attack is taking place. They can alert users about access patterns and behavior that follows ransomware's usual patterns. Depending on the solution, following a manual go-ahead or automatic trigger, the account belonging to the user in question will shut down. If the initial detection process was correct in identifying a ransomware instance, an automatic strategy could save the day.
Although the best defense is a good offense, ransomware sensors may not be correct one hundred percent of the time. By mistakenly shutting down an innocent user, aggressive response tactics could actually stand in the way of important remediation work. Along with beefing up automatic defense, IT teams and vendors alike should consider a holistic approach to identifying and addressing security risks. Below are a few ways this focus will play out in the next year.
1. Education and action plans will move security efforts forward.
Have you ever seen a football team score with only their defensive line? Data security operates much like football, with defense tactics only being one part of the recipe for success.
Organizations should operate like sports teams - preparing their offensive and defensive lines in a strategic way to combat threats. To find the right balance, you'll need solutions that address different layers of the IT stack and complement one another in the IT ecosystem as a whole. Some security threats, such as ransomware, will appear in different ways as they affect various levels of the stack. If solutions at each level communicate with one another, from the perimeter to core data storage, your organization will be able to track the threat's traffic pattern and protect your data.
2. All hands are on deck for security support.
There's a dwindling amount of dedicated security experts in today's enterprise. At the same time, the amount and severity of threats are growing. In the same way that IT solutions adopted a self-service approach years ago, when automation and virtualization began to dominate the enterprise, the same shift is now taking place in cybersecurity.
Business leaders and CIOs are encouraging employees to take responsibility for data security. Education and specific training will be key aspects of making this effort successful. Insights that recognize suspicious activity, clear response plans and technologies that identify, manage and protect sensitive data are also vital. By working together, employees at every level can make sensitive data protection their goal and adopt policies that help shut down security threats at the start.
3. Disaster recovery initiatives will begin to include ransomware.
Many people hear the phrase "disaster recovery" and it conjures up images of the infamous tornado scene from the Wizard of Oz. And while disaster recovery plans protect organizations from a variety of unforeseen issues including natural disasters, they also protect against hardware failures and human errors. Smart companies test these plans on a regular basis to ensure that if a hurricane does indeed hit the data center, the company can get back up and running as soon as possible without losing data or experiencing massive downtime. In the current security environment, ransomware and other security attacks are a more common occurrence than natural events. As a result, ransomware response and recovery will soon become a standard part of DR planning and testing initiatives.
4. Cybersecurity is getting personal.
Go ahead, Google me - or your colleague, friend or new contact. For most individuals, the amount of personal data available to the public is staggering, including search histories and Internet of Things (IoT) device information. As this consumer data grows, the type of information that users consider private and requiring protection is changing. That personal data is also becoming more available than ever to attackers, causing consumers to realize they have personal motivation to tighten cybersecurity. This personal information makes it easier for the attackers to lure you into trigger ransomware, since the notes they send you could be personalized for you.
Ransomware is a franchise business. Like all businesses, it will continue to grow and become more suave as the potential for profit grows. Deciding whether or not to pay the ransom is a hard choice. If you pay, you are making the business more attractive to those who wish to pursue this type of business. If the business is not lucrative, perhaps we will see a reduction in the number of franchises that startup.
About the Author
Paula brings more than 30 years of experience in high-tech innovation to DataGravity. She is an industry expert on enterprise data management, security, protection and storage. Paula has led two major shifts in data management and storage - the first as co-founder and senior vice president of products at EqualLogic, where she lead the transition to automated storage management. This capability is now table stakes for any storage appliance, and EqualLogic was acquired by Dell for $1.4 billion in 2008. Paula remained at Dell as vice president of storage until 2010. The second shift took place when Paula became co-founder and CEO of DataGravity, a leader in data security focused on protecting data in virtual environments.
Paula's executive and technical leadership has been extensively recognized, including the New Hampshire High Tech Council Entrepreneur of the Year award, the Ernst & Young 2008 Northeast Regional "Entrepreneur of the Year" and a national finalist for the same award. She is a graduate of Westfield State College.