Ransomware, Sabotage & Co:
The 5 biggest threats to your data – and how to protect yourself
The amount of data generated and stored has increased dramatically in recent decades. Since almost all processes today are data-based, the loss of access or control is often life-threatening for businesses, cripples hospitals and municipalities, and can affect elections and wars. Therefore, data security is as old as data storage. But with the growing importance of data, the threat is also steadily increasing. It is vital to provide protection against loss of control at all levels.
#1: Encryption and deletion
In the classic ransomware scenario, a successful attack usually ends with the encryption of as much data as possible. Decryption requires special software, for which the attackers demand considerable sums of money. However, some attacks only pretend to encrypt data and simply delete it instead. Paying the ransom then, of course, does not lead to the expected recovery. Still, according to a study, nearly half of affected companies prefer to pay the demanded amount, hoping to be operational again soon. Because cyber attacks now almost always target backups first, a simple data backup no longer suffices. Instead, technologies like Air Gap and Immutability should be used to protect backups particularly well from tampering and deletion. The security of Cloud-based services, however, is increasingly in question: experts expect we will see another major Cloud ransomware compromise this year.
#2: Data theft and publication
Besides data loss, the opposite is often just as threatening: the publication of secret or sensitive data, which, not least, can result in heavy fines for GDPR violations. Backups don’t help here, which is why cyber attackers are always out to steal as much data as possible from the corporate network. The combination of both methods – data theft and encryption – is known as Double Extortion. Moreover, a third method of pressuring victims is emerging: harassment. Executives in particular must fear for their careers due to the threat of public humiliation.
The main antidote is responsible handling of access rights (“Zero Trust”). It can also help to move sensitive or personal data early to dedicated archive systems, where the data is comprehensively protected by encryption (where desired) and hardware WORM.
#3: Sabotage
Not all attackers come from outside. During large-scale crises, companies come under pressure and have to lay off staff. Often, employees in IT-related departments in particular have extensive access rights to systems and data. The saboteurs are often not interested in personal enrichment, but rather want to harm their former employer. But espionage is also a danger in times of conspiracy theories and ideological warfare. Insider threats are thus on the rise.
Here, too, “Zero Trust” is the tool of choice. What is known in government as separation of powers should be self-evident in IT: no single employee or PC should have access to and control over all areas. For example, data backup management could be restricted to specially equipped and particularly secure PCs. In practice, however, it is often possible from the laptops of random IT employees.
#4: Humans
Intentional problems aside, the biggest threat is still humans. Known IT problems are all too often the result of mistakes made by individual administrators. Cloud services that are unreachable for days because misconfiguration or faulty updates have blocked access are probably just the tip of the iceberg. The number of unreported IT problems caused by human failure is probably very high. Improperly configured replication, faulty scripts in backup environments, lost laptops or backup tapes, or the legendary cleaning lady who turns off data backup because she needs the outlet for the vacuum cleaner – the possibilities of human failure are diverse.
“Zero Trust,” separation of powers and the four-eye principle are certainly the remedies of choice here as well. Because human error can never be completely eliminated, it is imperative to value redundancy. There must be multiple backups, and they must be designed to be geo-redundant. Recovery scenarios and contingency plans must be simulated, even under extraordinary circumstances, and documented accordingly.
#5: Hardware malfunction
Redundancy is also the key word for the most common cause of data loss: hardware problems. Whether individual data carriers without any redundancy are sufficient as a “last line of defense” can be questioned. Simple RAID systems are just as unsuitable for professional data security as pure cloud storage, which cannot be accessed in an emergency. Caution is also called for when “Software-defined Storage” (SDS) marks the end of dependence on manufacturers. The responsibility for establishing and managing a reliable and secure storage system is then left to the user. While the software in SDS can ensure the enforcement of certain guidelines, poorly composed or poorly configured hardware can quickly become a trap here.
This is where it is decided whether it is more important to secure data for the sake of legal requirements – or whether data is seen as valuable and particularly worthy of protection. Sensitive and valuable data requires storage solutions that are designed from start to finish to protect against misuse, loss and failure.
Data protection goes beyond backups.
Among all measures designed to protect against the consequences of a cyber attack, the security of the storage solutions used should not be forgotten. Modern, specialized storage systems such as the Silent Brick System feature various internal technologies to minimize the risk of data loss due to technical and human error. Multi-level redundancy (including on Air Gap media), various Immutability measures to protect against unauthorized data deletion or manipulation, strong encryption capability and comprehensive monitoring help minimize risk and meet regulatory requirements.
Be informed, be protected!
The Comex Team