In the rush towards digital transformation, individual lines of business in organisations, have built up collections of unconnected systems, each generating a diversity of data. While these systems are suitable for rapidly launching services and are aimed at solving individual challenges, digital enterprises will need to take a platform approach to unlock the full value of the data they generate.
Data-driven enterprises can increase revenue and shift to higher margin offerings through personalisation tools, such as recommendation engines and dynamic pricing. Cost cutting can be achieved with predictive maintenance that relies on streaming sensor data integrated with external data sources. Increasingly, advanced organisations will monetise their integrated data by providing insights as a service.
Digital enterprises face new challenges – growing complexity, data explosion, and skills gap.
Here are 5 ways in which IT teams can mitigate these challenges.
- Data & AI projects must focus on data access. When the organisation can unify data and transmit it securely wherever it needs to, it will be ready to begin developing applications that utilise machine learning, deep learning, and AI.
- Transformation requires a hybrid cloud platform. Hybrid cloud provides the ability to place each workload in an environment that makes the most sense for the business, while still reaping the benefits of a unified platform.
- Application modernisation unlocks future value. The importance of delivering better experiences to internal and external stakeholders has not gone down; new experiences need modern applications.
- Data management needs to be unified and automated. Digital transformation initiatives result in ever-expanding technology estates and growing volumes of data that cannot be managed with manual processes.
- Cyber strategy should be Zero Trust – backed by the right technologies. Organisations have to build Digital Trust with privacy, protection, and compliance at the core. The Zero Trust strategy should be backed by automated identity governance, robust access and management policies, and least privilege.
Read below to find out more.
Download The Future of Business: 5 Ways IT Teams Can Help Unlock the Value of Data as a PDF
There are two types of organisations – those that know that they have had a cybersecurity breach and those that don’t. With ransomware accounting for a rapidly growing proportion of breaches, not knowing you have been breached is less likely. In the last two months, we have seen a series of devastating ransomware attacks. These have included attacks on critical infrastructure, Colonial Pipeline and JBS, and the more recent supply chain attack on Kaseya, infecting its customers’ customers with ransomware. We’ve also seen an increase in attacks on soft targets such as schools and hospitals.
What is ransomware? Well, it’s a type of malware that specialises in encrypting the victim’s data and demands a ransom for a decryption key which may or may not work. If the victim fails to pay, their data could be sold or published online. More worryingly, if the victim pays, their data could still be sold or published online, prolonging the agony. Common ransomware families include REvil, Locky, Wannacry, Cerber, NotPetya, Maze and Darkside.
Why is Ransomware Becoming more Widespread?
Increased digitisation, remote working, accelerated adoption of cloud computing and growth in IoT devices, have expanded the attack surface for threat actors – offering more vulnerabilities that can be exploited. Launching a ransomware attack is a relatively easy and low-risk way to make money for cyber-criminals. Threat actors are usually outside the jurisdiction where the attack takes place and are typically protected by the absence of extradition treaties between the country where the crime occurred and the country from where the attack was launched. As well as posing a remarkably low risk to the attacker the rewards from a successful ransomware attack are potentially very large. Ransomware as a service (RaaS) kits can be purchased on the dark web for a few hundred dollars and if used repeatedly are likely to find at least one victim. Cryptocurrencies such as bitcoin make it virtually impossible for law enforcement authorities to track ransom payments. Consequently, the rapid growth in ransoms combined with the increasing risk of successful ransomware attacks is leading to banks stocking up on bitcoin. This allows their customers to quickly pay ransoms.
How to Mitigate the Risks?
Companies will not be able to completely eliminate the risk of ransomware attacks. They can, however, mitigate the risk of these attacks with a zero-trust approach to cybersecurity, renewed focus on training and awareness programs, and well-prepared and rehearsed incident response plans.
Rigorously applying the principle of least privilege will make it harder for threat actors to gain the credentials that they need to move laterally within systems and networks. Segmenting networks and isolating workloads will limit the blast radius of attacks. Training and awareness campaigns will make employees less likely to download malware via phishing attacks or other social engineering activities. Ensuring that all sensitive data is classified and encrypted will make double extortion more difficult – a miserable scenario where the victim pays a ransom for a decryption key and is then asked to pay a further ransom for the dubious promise that stolen data will not be leaked.
Protecting against supply chain ransomware attacks, such as the Kaseya breach, is fiendishly difficult. In the case of Kaseya, attackers identified a zero-day vulnerability in its VSA IT management and monitoring tool. An update was then infected with ransomware and shared with managed service providers, who, in turn infected their customers with the ransomware.
Rehearsed incident response plans that prepare for a successful ransomware attack are essential controls against such threats. A critical component of such a plan is backup and recovery. Backups are increasingly being targeted in well-orchestrated attacks so companies must find ways of ensuring that their data is stored in at least one immutable destination. This means that they can recover quickly – often almost instantly if the process is automated.
If companies follow cybersecurity best practices such as those outlined above, they should be able to manage ransomware risk and the misery associated with these attacks. If a ransomware attack occurs, well-prepared companies will be able to recover rapidly and be comfortable in the knowledge that the data which has been stolen is of little or no value to the attackers.