
After all the debates prompted by Cybersecurity Awareness Month, I have been receiving regular feedback following my many social media posts about cybersecurity and cyber storage resilience and recovery. It’s clear that serious changes are underway in the cyber threat landscape and the timing couldn’t be better. Finally, we are seeing a realisation that many enterprises have not seen their cybersecurity measures work as effectively as anticipated - because they omitted a vital piece: the cybersecurity of their enterprise storage.

Let’s give this issue some context. 2022 was the second highest year on record for ransomware attacks, with 493.3 million attempted globally. This figure will be even higher by the end of 2023. Ransomware cyberattacks accounted for 12% of all critical infrastructure breaches in the last year. This is bad news for enterprises. It means that ransomware attacks are broadening in scope, and new tactics, designed to outsmart you, are now being used.

The evolution of cyber criminals

Storage has become a vital component of cybersecurity because the vulnerabilities of legacy storage infrastructures are being exposed. Data back-up processes are not nearly at the level of security required for enterprise storage – not by a long shot. IT leaders are waking up to the fact that cybercriminals have worked out how to attack primary storage and secondary storage. Cybercriminals are evolving quickly and becoming more sophisticated, while enterprises tend to move slower to implement the one “weapon” they have against ransomware and other malware: cyber resilience.

Even if an enterprise had successfully thwarted a cyberattack last year, it doesn’t mean that the same security-minded approach to IT infrastructure will hold up this year or in 2024. Cyberattacks are hitting every 30 seconds or less. Enterprises need to know their enemy and strategise accordingly.

However, awareness is only one aspect to get right. It’s also essential to embrace successful strategies for cyber storage and implement best-in-class cyber resilience.

Ransomware tactics are increasingly aggressive

In the U.S., the Federal Bureau of Investigation (FBI) has warned that two new trends have emerged among threat actors who are focused on ransomware. One trend is for cybercriminals to launch multiple ransomware attacks against the same company within a short period of time, taking advantage of the fact that a company is distracted by the first cyberattack. It’s the equivalent of “kicking a person when they are down.” Hackers are becoming exponentially more persistent.

Attacking an already compromised system seems to be giving them more leverage. It tests the resiliency of the storage infrastructure. In addition, dual ransomware variants are increasingly being used, causing a combination of data encryption, exfiltration, and economic losses, including ransom payments.

The second trend is ransomware threat actors using new tactics that are focused on data destruction during attacks. To apply pressure to the companies being victimised, they are deploying wiper tools. They are trying to take advantage of the lack of awareness among leaders of enterprise companies. Cybercriminals are also automating cyberattacks by using AI. They are not only stealing data but also maliciously dropping in data-poisoning “pills” to wreak havoc on an enterprise.

It’s no surprise that CIOs everywhere are planning to increase their investment in cybersecurity. But are they treating cyber resilience as something separate from cybersecurity?

Cyber storage resilience and recovery must be incorporated into a comprehensive enterprise-wide cybersecurity strategy. Enterprises need to recognise that cybercriminals are targeting storage – both primary storage and backup/archival storage. These bad cyber moles can be sitting inside an organisation, dormant, for as long as 300 days without being detected – then they strike through the legacy storage arrays. Ransomware breaches are harder to detect. They cannot be fixed by backup alone. And when they are activated, they are happening faster than ever, giving more CIOs sleepless nights.

This is why the modernisation, consolidation, and pressure-testing of enterprise storage is so vital. CIOs, and their IT teams, need to know with confidence that their storage infrastructure can handle these new tactics from ransomware-focused threat actors.

Hi Five! to cyber resilience best practice

Enterprises need to improve storage system security. With more than 70% of enterprises using hybrid cloud, according to the 2023 State of the Cloud Report (from Flexera), IT leaders need to secure the data stores that are moving between on-premises and the public cloud. Data that is at rest and in motion needs to be more tightly secured.

Best practices have already been established for injecting enterprise storage solutions with cyber resilience and recovery capabilities through software. You can count these best practices on one hand.

  • Immutable snapshots (your thumb)
  • Rapid cyber recovery (your index finger)
  • Cyber detection (your third finger)
  • Air-gapping (your ring finger)
  • Fenced forensic environments (your pinky finger)

These are the five essentials for an effective, secure enterprise cyber storage resilience and recovery strategy and architecture. Each one is as important as the others, and by counting them out on the fingers of one hand, you know you won’t forget any! Give enterprise cyber storage resilience and recovery a hand! I can guarantee it definitely works.