Nate Latessa, VP of Corporate Services
Ransomware attacks increased by 485% in 2020 compared to 2019 and they do not appear to be slowing down anytime soon. This week’s attack on the Colonial Pipeline is further proof of how effective and disruptive these ransomware attacks have become. This latest example also represents a change in tactics by the hackers, which is aimed at increasing the likelihood that the ransom is paid.
Traditional ransomware attacks encrypt data in place on the victims’ network. Once encrypted, the hacker demands payment to release the decryption key to unlock the files. If payment is not made, the data remains encrypted and inaccessible. The difference in the Colonial Pipeline attack is that the attackers downloaded 100 gigabytes of corporate data first and then encrypted the original data on the network. If the ransom is not paid, the hackers are threatening to release the files to the public.
The problem with this tactic, and the reason it is successful, is that most companies do not know the location of their sensitive data. Without knowing what is in the data, they must assume that it is sensitive and respond appropriately. Studies have shown that on average 16.2% of all files contain sensitive information. In this case, that could equate to over 65,000 compromised files containing sensitive data.
In layman’s terms, if you know where your data resides, you have the control when a hacker holds it hostage. A hacker will grab everything they can and hope that your fear of the worst will benefit their cause. If you know where your data lives, you can evaluate the threat, confidently determine what information they have access to, and move forward accordingly. There is no reason to pay big bucks to protect the company lunch menu.
Incidents like this highlight the fact that cybersecurity needs a more data centric approach. Companies can no longer rely on only perimeter defenses, treating all data inside the same way. Redundant, obsolete and trivial (ROT) data makes up approximately 80% of all a company’s data. That means that $.80 of every dollar spent on cybersecurity is used to protect data with no business, legal or regulatory value. By eliminating ROT, it frees up time and resources to focus your cybersecurity spend on protecting the data that matters most.