Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools.

What is lateral security? It leverages both access control and advanced threat prevention strategies and consists of a set of systematic, omnipresent tools deployed between the perimeter and endpoints. Key lateral security tools include:

- Network segmentation
- Micro-segmentation
- Advanced threat prevention capabilities such as intrusion detection/prevention systems (IDS/IPS)
- Network sandboxes
- Network traffic analysis/network detection and response (NTA/NDR)

Ransomware By the Numbers

To understand the value of lateral security tools, it’s important to first assess the current state of ransomware. The number of attacks continues to grow unabated, with a 13% increase from 2020 to 2021—a larger increase than the previous five years combined.

This trend was echoed in a 2022 VMware survey of 200 IT and security leaders in North America, Europe, the Middle East, and Africa. Approximately one-third of the survey respondents work for a company with 1,001 to 5,000 employees, one-third represent companies with 5,001 to 10,000 employees, and one-third represent companies with more than 10,000 employees.


More than two-thirds (68%) of the respondents reported that their organization experienced at least one ransomware incident (whether successful or not) in the previous 24 months.

Of those reporting attacks, 42% said they suffered at least three incidents (whether successful or not). In addition to attacks on their own organizations, 55% of respondents are aware of three to six peer organizations that suffered at least one ransomware attack in the last 24 months.

Second Survey Focuses on Lessons Learned Following a Ransomware Attack

In a follow-up survey, VMware explored how security professionals whose organization experienced a ransomware incident in the last three years responded to the attack and what they changed in the aftermath. Focusing on three core areas (people, process, and technology), the findings shed light on where security leaders believe they were underprepared and the steps they planned to take to address their gaps.

While most respondents reported their organizations had identity and access management and server endpoint protection/detection and response technologies in place before the ransomware incident, fewer had segmentation and advanced threat prevention tools deployed.


Key Finding: The Flat Network

We interpret the findings on segmentation technologies to mean that a significant portion of the networks within respondents’ organizations was flat—including the area of the network that was hit by the ransomware. Flat networks provide no barrier against attackers that first compromise a lightly defended low-value system and then move laterally to infiltrate higher-value systems.

The bottom line is that network segmentation, micro-segmentation, and other essential lateral security tools were not deployed pervasively, leaving gaps in protection that attackers could exploit. It’s no surprise then that those organizations report an increase in interest in these types of tools after the ransomware incident.

Eliminating the Blind Spots with Lateral Security

As we all know, a successful ransomware attack can be devastating for companies, with an economic, operational, and reputational impact that requires extensive containment and recovery actions to restore systems and data.

Those IT and security leaders who are looking to improve their defenses are placing a sharper focus on the set of tools that make up lateral security. These technologies, when used in concert with each other, can eliminate the blind spots that prevent organizations from detecting threats as they move laterally through the infrastructure.


Read our new white paper for a deeper dive into why and how CISOs and other IT and security leaders are deploying lateral security tools to effectively protect their organizations.


Warranties inspire confidence. If something goes wrong with a purchase, you’ll be made whole. That’s the idea anyway.

Now consider ransomware. It’s not a “something.” It’s a “when thing.” So ransomware warranties hold understandable appeal.

Here’s why: By 2031, ransomware is expected to attack a business, customer, or device every two seconds, costing victims around $265 billion annually — according to Cybersecurity Ventures.

Recently, a ransomware attack hit the Los Angeles Unified School District, the second largest in the US. Hackers demanded a ransom and leaked over 500GB of stolen data.

So if ransomware is inevitable, who wouldn’t want a ransomware warranty? After all, you’ll get a guaranteed payout if and when the worst happens. That’s the pitch anyway.

But buyer beware. As with most warranties, “terms and conditions apply.”

Terms and conditions from real data protection and data security warranties

Companies love to make promises so you’ll buy their products. But if you need to make good on a ransomware warranty, prepare to read the fine print.

Generally, these warranties will not:

- Cover malware introduced by a third party into your internal systems through a breach in your system security. For example, if a hacker from a foreign country were to breach your security and introduce malware, that likely will not be covered.
- Cover any malware introduced into your internal systems by employees / staff / personnel through a breach in your system security. As an example, by way of certain types of phishing (note: CISA says 90% of all cyberattacks begin with phishing).

And here’s just some of the conditions you may be asked to meet to exercise various warranties:

- Sign up for a monthly health check and follow all instructions regardless of how burdensome or costly. If not, no payout.
- Continuously download all new versions and patches. If not, no payout.
- Follow both (a) the rules in the frequently changing “security hardening” document and (b) “then-current” industry best practices regarding the protection of access credentials, an area phishing attackers regularly target. (Keep in mind, too, that how these “best practices” are defined is open to interpretation and left to the subjectivity of the vendor.) If not 100% compliant, no payout.
- Pay for a non-refundable customer experience manager consulting service. If not, no payout.
- Agree to a public case study of how you were compromised. If not, no payout.
- Ask permission of the vendor before you begin incurring costs to recover from the attack. If not, they won’t cover your expenses.

Even if you met the vendors’ conditions, ransomware warranties are frequently designed so that you’d only qualify for reimbursement of actual pre-approved data recovery, restoration, or re-creation expenses after incurring them. Any ransomware payments wouldn’t be eligible for reimbursement.

No harm done, right? Wrong.

Beyond the terms, conditions, and exclusions, can ransomware warranties actually harm your business?

Again, read the fine print. Signing them can limit you to a sole and exclusive remedy with those vendors, and numerous escape clauses may let them blame you for losses you incur. Warranties like these are little more than limitations of liability benefiting the companies — not you, the customer.

After reading through all the legalese, one customer joked they’d probably be asked to dance in the rain next — the list of warranty conditions was that endless.

You can take it to the vault: Cohesity FortKnox

So if warranties won’t defend you against ransomware, what will? A real technology solution you can rely on when ransomware attacks.

For example, check out Cohesity FortKnox, a SaaS cyber-vaulting, data isolation and recovery solution, which was named the Gold Winner in the Business Continuity and Data Protection category and won Best of Show at VMware Explore 2022.

FortKnox improves cyber resiliency with an immutable, “gold copy” of data in a Cohesity-managed cyber vault. It empowers organizations to prepare for and recover quickly from attacks, with granular recovery back to the source, or an alternate location, including the public cloud.

Cohesity also recently unveiled DataHawk, a solution that combines cyber vaulting, threat intelligence, and ML-powered data classification all in one data security SaaS offering. This solution is designed to provide powerful protection against cyberattacks today and tomorrow.

Additionally, with Cohesity, customers have access to:

- The Data Security Alliance, which brings together the ‘who’s who’ in cybersecurity, data security, and data management to collectively help enterprises win the war against cyberattacks.
- An exemplary Security Advisory Council led by Cohesity Board member Kevin Mandia, one of the world’s leading cybercrime fighters. Trust us: This Council’s advice is worth more than any gimmicky warranty.
- An additional layer of real ransomware protection that may help you qualify for cybersecurity insurance, as it did for a metro Atlanta school district.
- Exceptional SaaS and self-managed data protection, trusted by nearly half the Fortune 100.
- The Cohesity Data Cloud: one simple, unique platform to secure and manage your data.

We’ll match the same warranties as our competitors, but we’d rather offer you the guarantee of a world-class data security and management platform, with the benefit of a world-class Security Advisory Council.

Put us to the test.

We invite you to learn more about Cohesity FortKnox and Cohesity DataHawk.


By Ashok Rutthan, Chief information security officer at Massmart

Organizations of every size and sector are experiencing a rising tide of ransomware attacks, resulting in the collective global loss of billions of dollars and untold brand damage. Leaders are learning first hand the ways ransomware has become a scourge on smooth operations and financial well-being. Nowhere is this more true than in retail, where ransomware represents a unique set of challenges and risks. For retailers, becoming more resilient in the face of ransomware is paramount.

Why Ransomware Presents Significant Challenges for Retail

In contrast to most industries, retail organizations are multi-site and multi-channel in nature, which means there are many more points of entry for ransomware attacks. Retail operations also encompass an extraordinarily diverse set of endpoints, above and beyond traditional computer endpoints, such as item-level RFID-based packages and pallets, vehicle-mounted computers, handheld scan-based computers, smart shelves, IP cameras and more. It’s a massive surface to protect.

Additionally, retailers are challenged by the fact that many employees using technology devices and services are non-technical staff. In fact, that’s often a retailer’s weakest point—its own user base. Retail employees are there to sell the candy, clothes, or canned food, not be IT or InfoSec specialists. So retailers have the challenge of properly training a large number of full-time, part-time and seasonal staff, to ensure every employee is aware of risks and how to avoid them.

But probably the single biggest factor that makes ransomware a challenge in retailing compared to other industries is retailers’ single-minded focus on our consumer. We are well aware of what happens when a ransomware attack compromises consumers’ identity and other personal, private information. Once we retailers lose a customer for any reason, they’re likely to be gone for a long time. Not only that, but we lose that customer to a direct competitor, making it a double hit. Even if we are fortunate enough to regain customers’ trust, doing so is an expensive re-acquisition effort; it’s well documented that regaining a lost customer costs many times more than acquiring a new one.

Add to all of these considerations a stark fact: Retailing is tied with public education as the industry most targeted by ransomware attacks. According to research from Unit 42, the average business downtime caused by a ransomware attack in 2021 is 23 days, and the cost of downtime is estimated at 50 times the initial ransom demand.

How Retailers Can Become More Resilient Against Ransomware

First, it’s essential that retailers practice their responses to an attack; our company continuously does tabletop learning exercises. What you often discover in those exercises is that members of your executive team or board may need to be educated on cybersecurity technology and best practices.

This C-level education is important, but it’s also challenging. There are a thousand things going across executives’ minds at any moment in time—strategy, operations, running the business. When you bring something as technical as cybersecurity to top leaders, they may simply shut down because of everything else on their minds. This is an important communication challenge to overcome. You can do it by speaking the language of business.

Beyond educating your leaders on good cyber hygiene, ensure they understand the impact of a ransomware attack on the business. That understanding helps to drive greater investment—figuratively and literally—because they know the true cost of a breach. One thing that all executives and board members understand is the concept of risk, so I like to lean into that bias by helping them understand their responsibility in the event of an incident. Once they see everything in a familiar risk context, they often instinctively ask, “What can I do to help you?”

It’s also important for leaders in your organization not to fall into a false sense of comfort and think the information security team or the IT organization has it all covered. It doesn’t. We are there to make sure the organization, employees, business partners and customers are protected. We are there to manage an incident when it occurs, and to do everything we can to spot problems before they pop up. But we cannot do it alone.

Everyone must be appropriately trained to understand ransomware and other cyber threats, and act appropriately. Each employee in the retail organization, from store operations and merchandising to shipping and receiving, must understand that they play a key role in promoting cybersecurity best practices and stopping ransomware from getting inside the walls. This kind of training should be delivered in small snippets and nuggets, short videos and email so you don’t lose the audience. And repetition is key. Everyone needs to know what happens when they take a risky action like clicking on a spam email link, and how to report it when they discover a risk. In the event of a ransomware attack, there are critical decisions to be made, and one of our key jobs as security leaders is to ensure that the C-suite and the board are ready to act.

5 Considerations for Ransomware Defense Strategies

There are five key elements to understanding the impact of a ransomware breach on a retail organization.

- What is the downtime that is going to occur throughout the organization at headquarters, in the stores and in the supply chain? If your point-of-sale system is down and you have hundreds or thousands of stores, there’s no way you can go to manual processing. Customers are going to leave the stores, and they may not come back for a long time. When everything takes place on a digital platform, the operational impact of downtime must be calculated before a breach even happens.
- How long can we withstand the impact of downtime? Revenue will be lost, reputation will be damaged. Also, an attack is going to impact associates’ productivity, but we still have to pay these associates.
- Lost opportunities with our customers. If you can’t service a customer, they’re going to your competitor. If they get great service there—and when your competitor discovers why the customer has left your store and gone to theirs, they will get great service—you’re going to lose that customer for a long time.
- What are the bad actors asking for? Is it a nuisance attempt, maybe a small amount (initially)? Or are they asking for a million dollars? You’ll need to determine what will cost you more in the long run: paying the ransom now, or not paying the ransom?
- Customer confidence is the key. Simply put, customers who are not confident that you will treat their personal information safely and securely will likely walk away. If you lose a customer’s confidence, you’ve lost the customer.

Retailers should acknowledge and accept that their organizations are highly likely to be confronted with a ransomware attack at some point in the near future. While that doesn’t mean the attack will be successful, it means you have to operate with an understanding that you need to have a plan, you need to practice that plan, you need to train your employees and you have to give your C-suite and board all the information they need to make the right decision for the organization.

Read more on ransomware trends in this Unit 42 report.

About Ashok Rutthan:

SRT guest author, Ashok Rutthan, is chief information security officer at Massmart, a major retailer and wholesaler based in South Africa.


IT analyst firm GigaOm is quick to point out that primary data is the first point of impact for ransomware attacks. This fact puts primary storage in the spotlight for every CIO to see, and it highlights how important ransomware protection is in an enterprise storage solution. When GigaOm released their “GigaOm Sonar Report for Block-based Primary Storage Ransomware Protection” recently, a clear leader emerged.

GigaOm named Infinidat as the industry leader in ransomware protection for block-based storage. Infinidat is a leading provider of enterprise storage solutions. According to GigaOm’s independent analysis, Infinidat distinguishes itself for its modern, software-defined storage architecture, securing enterprise storage with a strategic, long-term approach, broad and deep functionality, and high quality of innovation.

One of the top CMOs in the tech industry, Eric Herzog, is leading the marketing charge at Infinidat and had this to say about this recognition from GigaOm:

“Infinidat has taken the benefits of ransomware protection on enterprise block storage to the next level, including guaranteed immutable snapshot recovery in one minute or less, greater ease of use, and comprehensive cyber resilience.”

“Being recognized as the industry leader for combatting ransomware not only gives us enormous forward momentum as a solution provider of cyber storage resilience and modern data protection, but it also gives Infinidat a seat at the table to talk to large enterprises and service providers about what we can do to eliminate the threat of ransomware for them,” he added.

The GigaOm Sonar Report showcases the strength of Infinidat’s novel InfiniSafe cyber resilience technology embedded across all its platforms: InfiniBox®, InfiniBox™ SSA and InfiniGuard®. The report states:

“Infinidat offers a complete and balanced ransomware protection solution. InfiniSafe brings together the key foundational requirements essential for delivering comprehensive cyber-recovery capabilities with immutable snapshots, logical air-gapped protection, a fenced forensic network, and near-instantaneous recovery of backups of any repository size.”

Infinidat has delivered the industry’s first cyber storage guarantee for recovery on primary storage – the InfiniSafe® Cyber Storage guarantee.

The company recently extended cyber resilience to its InfiniBox and InfiniBox SSA II enterprise storage platforms with the InfiniSafe Reference Architecture, allowing Infinidat to provide its immutability snapshot guarantee and the recovery time of immutable snapshots at one minute or less. InfiniSafe was announced on the InfiniGuard modern data protection and cyber storage resilience platform in February this year.

The GigaOm Sonar Report recognizes the features and functionality of Infinidat’s cyber resilience technology: “InfiniGuard delivers solid cybersecurity features at no extra cost, allowing customers to quickly and securely restore data, even at scale, in case of an attack.”

Through near instantaneous cyber recovery, Infinidat helps organizations avoid having to pay the ransom, yet still retrieve their valuable enterprise data, uncompromised and intact. Think about how significant this really is, given how much of a threat ransomware is.

When ransomware takes data hostage, it can destroy backup copies of data, steal credentials, leak stolen information, and worse. It has caused businesses of all sizes to shut down operations overnight, so it is not unusual for a company to pay a large sum of money to restore their business. Infinidat’s solutions can put a stop to it.

It is an honor that GigaOm has recognized the technology leadership. The analyst community has been spot-on about how enterprises and service providers should strategize to not just take “baby steps” but actually take a quantum leap forward to address these cyberattacks.

In addition, GigaOm recognized Infinidat as a “Fast Mover,” one of only two vendors awarded that accolade. “Fast Movers” are expected to deliver on their solutions and technologies faster and with more features/functionality than other vendors known as “Forward Movers.” Infinidat has been rapidly delivering new technology, several guarantees, and new capabilities over the past 18 months, including the extension of new features and functions to InfiniSafe.

Max Mortillaro, Analyst at GigaOm, shared his perspective: “Primary data is the first point of impact for ransomware attacks, so it is critical for organizations to implement primary storage solutions that incorporate ransomware protection, such as Infinidat’s cyber resilience solutions.”

He went on to say, “Our new GigaOm Sonar Report on ransomware protection for block storage comes at a time when ransomware attacks have become so prevalent and such a persistent threat for all organizations across all industries. We have seen through our analysis how ransomware can cause significant damage to companies and government agencies.”

The time is right for Infinidat to step forward as a recognized industry leader for ransomware protection.


A cyberattack hits an enterprise. The CEO wants answers; the CFO is worried about the economic impact; the COO fears a halt to operations, and the CMO prepares to handle the fallout and customer impact. An emergency meeting in the corporate boardroom is called.

Calmly and confidently, the CIO walks into the room and informs the C-suite that the recovery of the enterprise’s data will start immediately – yes, in a minute or less – to nullify the effects of the ransomware attack, thanks to a cyber storage guarantee on primary storage that is a first of its kind in the industry.

Enterprises and service providers need assurance that they will recover and restore their data at near-instantaneous speed in the wake of a cyberattack. The best practice that is catching on is the use of a guaranteed immutable snapshot dataset with a guaranteed recovery time of one minute or less.

Cyber resilient storage is among the most important and highly demanded requirements of enterprises today to ensure exceptional cybersecurity and combat cyberattacks across the entire storage estate and data infrastructure.

In recent research, IDC found that 87% of organizations impacted by ransomware in the past year had to pay a ransom to recover their data. IT leaders can now realistically expect to avoid having to pay the ransom, yet still retrieve their data, uncompromised and intact, through rapid cyber recovery.

The enterprise storage solution that has delivered the world’s first cyber storage guarantee for recovery on primary storage is Infinidat.

The company’s InfiniSafe® Cyber Storage guarantee sets a new standard for cyber recovery, backed by a Service Level Agreement (SLA) reinforcing the cyber resilience that puts control back into the hands of CIOs and their IT teams ahead of, and in the midst of, an attack by cyber criminals. The “sting” of a ransomware or malware attack is removed quickly, efficiently, and comprehensively.

Who would have thought that the latest answer to cyberattacks was actually found in guaranteed cyber recovery on primary storage? An IDC analyst pointed out that all other companies have avoided guaranteeing recovery time up to this point in time.

Eric Burgener, Research Vice President, Infrastructure Systems Group, IDC, publicly stated recently, “Over the last decade, IT infrastructure vendors have been adding guarantees on their storage platforms that have definitively improved the ownership experience for enterprise storage, but they have always stayed away from the topics of performance and recovery time. With their new performance and cyber storage recovery guarantees, Infinidat is breaking new ground in these areas in ways that drive meaningful value for their enterprise customers.”

Infinidat made a bold move to put the minds of C-level executives and IT teams at ease. In response, the feedback from enterprise customers, service providers and IT solution providers has been eye-opening. They state the facts – and what’s important to enterprises today.

“As part of our disaster recovery preparedness, we look for solutions and assurances that will help us minimize any potential impact of a cyberattack or any other kind of disaster. Knowing that Infinidat guarantees rapid cyber recovery based on its InfiniSafe immutable snapshot capability, as well as high performance, we could add this to our data center toolkit that we know our supplier will deliver,” said Laurent Ulrich, Head of IT at Justice Court of Basel, Switzerland.

“In this day and age, according to the cloud strategy we’re just writing, this kind of guaranteed SLA can make all the difference in the world for an enterprise and gives us peace of mind with Infinidat’s powerful commitment,” he added.

The cyber storage guarantee was made possible through an expansion of its guaranteed Service Level Agreement (SLA) program. The cyber storage guarantee for recovery on primary storage is truly an industry “first.” This was part of an announcement that also included a new performance guarantee across the company’s InfiniBox® platforms.

The performance guarantee assures customers that primary storage platforms, coupled with the cyber recovery guarantee, outperform their existing storage products in their production environments. This enables customers to have optimal application and workload performance, as well as substantial storage consolidation driving increased efficiency and reduced total cost. SLAs now span across availability, performance, and recovery operations to meet the most demanding data center requirements. 

Enterprise storage at its best. Guaranteed.
