Ransomware is now a threat not just to data availability, but to data privacy as well.
Data Privacy Day: Ransomware’s effect on privacy.
This past week was Data Privacy Week, and Sunday, January 29th, marked the observance of Data Privacy Day. Experts discuss the increased risks posed by cyberattacks to data privacy, as well as the important role employees play in an organization’s data protection, and best practices and solutions to improve data security posture. In this article we see what they’ve said about ransomware, and its impact on privacy.
Ransomware has over the past year become a pervasive threat to data, and hence to privacy.
Eric Bassier, Senior Director of Products at Quantum, notes the importance of a multi-layered approach to data protection in the wake of increased ransomware attacks:
“According to a recent study of IT and business executives, two out of five revealed that their organizations had suffered from successful ransomware attacks. Even worse, over 80% reported that they had paid ransoms to get their data back. That’s because cybercriminals are always on the hunt for new ways to trick users into clicking on links which open the door to ransomware infiltration. Ransomware is just one threat in the ever-growing cyber threat landscape. It is imperative that organizations have a documented plan on how they are protecting and recovering their data - in every stage of its lifecycle - from all manners of cyber threats.
“To ensure the resilience and rapid recoverability of data, it's essential to have a multi-layered approach in place that covers every stage of the data lifecycle from end to end. This includes maintaining multiple copies of data, using immutable snapshots, storing data offline, and employing encryption and other security measures to safeguard and recover data swiftly in any location.
“It is clear by now that it is no longer a matter of ‘if’ but ‘when’ an organization will be hit with a cyberattack. By following these guidelines and remaining vigilant, businesses can effectively strengthen their cybersecurity and reduce the risk of irreparable damage in the instance of a successful attack. It’s crucial that businesses prioritize the protection of their data, not just today, but every day. In 2023, data protection and recoverability are uncompromising, vital components to the success and sustainability of any business.”
Brian Dunagan, Vice President of Engineering at Retrospect emphasizes the continuing nature of ransomware attacks and their dangers to data:
“Every organization, regardless of size, faces the real possibility that they could be the next victim of a cyberattack. That is because today’s ransomware, which is easier than ever for even the novice cybercriminal to obtain via ransomware as a service (RaaS), strikes repeatedly and randomly without even knowing whose system it is attacking. Ransomware now simply searches for that one crack, that one vulnerability, that will allow it entry to your network. Once inside it can lock-down, delete, and/or abscond with your data and demand payment should you wish to keep your data private and/or have it returned.”
Lisa Erickson, head of data protection product management at Veritas, discusses the growing ransomware threat and the challenges it poses to data privacy:
"Over the past couple of years, ransomware, once thought of as primarily a security threat, has evolved into one of the biggest data privacy challenges that businesses continue to face. Today, double and triple extortion tactics that up the ante by threatening to sell or otherwise leak sensitive data are table stakes. Data Privacy Day is a great reminder of the importance of keeping sensitive data protected against the ever-evolving threat landscape where ransomware is the attack du jour.”
Personal data are among the most valuable an organization holds.
Christopher Rogers, technology evangelist, Zerto, a Hewlett-Packard Enterprise company describes the impact of data corruption as a result of ransomware and related attacks:
"In 2023, data is the most valuable asset any company owns. Whether it's the organization’s own data or its customers,’ the potential loss of revenue should this data be compromised is huge. Therefore, the primary concern for all businesses should be protecting this asset.
"Unfortunately, in the golden age of cybercrime, data protection is not such an easy task. In 2022, an IDC report, ‘The State of Ransomware and Disaster Preparedness’ found that 83% of organizations had experienced data corruption from an attack, and nearly 60% experienced unrecoverable data as a result. While it's clear there is a dire need for more effective data protection, it is also crucial that businesses have disaster recovery solutions in place should the worst occur.”
How an incident response plan can mitigate ransomware threats to data privacy.
Tilo Weigandt, COO and co-founder of Vaultree, discusses the need for an incident response plan and management team to protect in the event of ransomware attacks:
"Regularly testing the incident response plan and having an incident management team are important steps in preparing your organization for a ransomware or cyber incident. As a business leader, you must also ensure that appropriate security controls are in place and that employees know cybersecurity best practices. Backing up data regularly and having an outside incident management and cyber insurance company can help organizations quickly respond to a cyber incident and recoup its costs. Additionally, it is crucial to develop a cybersecurity incident response plan that outlines the steps that will be taken in the event of a ransomware or cyber incident. But most importantly is to have proper encryption in place so you don't even have to worry about the negative impacts of an incident."