Unless you work for an insurance carrier, it is reasonable to assume that not many people are big fans of paying insurance premiums, especially when the premiums jump as much as 300% at the time of renewal. Thankfully, I’m not talking about our personal insurance premiums (while those also continue to rise, that’s a discussion for another day); I’m talking about cyber insurance that organizations purchase to hedge against potential cyberattacks, including ransomware. Interestingly, even after raising insurance premiums, organizations are unable to secure enough coverage and cyber business lines for the insurance carriers are experiencing declining profits.
So what is causing your cyber insurance premiums to skyrocket? It’s the evolving threat from ransomware attacks. As I covered in my previous blog, cybercriminals have changed their tactics. To ensure a monetary payout, hackers are no longer encrypting production data and deleting backup copies. Instead, they are now deploying the “double extortion scheme,” encrypting your production and backup data while at the same time stealing your confidential data and threatening to publish it on the dark web unless a ransom is paid. According to Trend Micro, to date, over 35 ransomware families have employed double extortion techniques, including Ryuk, LockBit, and more.
To counter these threats, organizations are increasingly adopting zero-trust strategies, as recommended by the U.S. White House executive order. While adopting zero-trust principles is a good start, it is not enough to protect your data and business reputation in this evolving cybersecurity landscape. The NIST Cybersecurity Framework emphasizes adopting a multi-layered defense-in-depth strategy to help you survive an attack. Cohesity’s Threat Defense architecture follows and then goes beyond zero-trust to help organizations achieve cyber resilience.
Data is at the center of any organization. This data is generated by multiple sources and touched by many API integrations, business applications, and of course, users. At the end of the day, what matters are the outcomes you can achieve from that data, whether that is the resilience to recover from natural disasters and operational failures or the protection of your business against the evolving threat from ransomware attacks.
Threat Defense architecture is designed to help you enhance cyber resiliency and stay one step ahead of the cybercriminals. The key pillars of Threat Defense are:
Let’s dig into each of these key pillars.
Data resiliency: Your data drives your business and should be able to withstand any failures that may occur, including hardware problems, system or software corruption, human errors, natural disasters, or ransomware. To achieve data resiliency, Cohesity Threat Defense includes capabilities such as:
Access Control: According to Verizon’s Data Breach Investigations Report, cybercriminals prefer to use lost or stolen credentials over malware to deploy ransomware attacks, as these are much easier to obtain and can easily bypass antivirus programs and other security software. Colonial Pipeline was one of the largest and most disruptive ransomware attacks of 2021. The attack was attributed to DarkSide, a hacking group that leveraged a compromised password to gain access. To mitigate the risk posed by weak user passwords and insider threats, Cohesity Threat Defense includes capabilities to stop unauthorized users from impacting your business.
Other capabilities that help organizations establish stricter access controls include:
While Cohesity Threat Defense capabilities will help protect your critical data against encryption or deletion, what about the threat posed by data exfiltration, or “Ransomware 3.0” as I like to call it? I covered it, along with 1.0 and 2.0, in my previous blog, Countering the Evolving Threat of Ransomware. The ransomware attacks on Acer and Bangkok Airways are just a couple of examples of how cybercriminals deploy sophisticated data exfiltration attacks. While backup-based data anomaly detection can help tackle ransomware 1.0 and ransomware 2.0 variants, it is not designed to detect data exfiltration.
It is critical to realize that in order to deter data exfiltration, detection of suspicious activity must occur much earlier. The existing techniques built around backup data anomaly detection are designed to analyze backup data, which at best happens every 24 hours. Backup and recovery are still essential for defending against a data encryption attack, but organizations need to rethink their data security and data governance strategies to reduce their risk of data exfiltration. Data security and data governance cannot be siloed anymore.
AI-driven Detection and Analytics, the next pillar of Cohesity Threat Defense, helps organizations get ahead of the threat posed by Ransomware 3.0, that is, data exfiltration. Unlike other solutions, Cohesity scans data sources and backup data so that you know what sensitive data you have and where it resides, as well as whether it has been compromised (or is about to be compromised) by ransomware. In addition to source-side data anomaly detection that identifies anomalies indicative of ransomware compromise, the other critical capabilities of this pillar include:
The final pillar of Cohesity Threat Defense architecture is its extensibility, the platform’s ability to integrate with leading security tools seamlessly. From Cisco SecureX to Tenable, Cohesity offers a wide range of integrations with cloud, data classification, endpoint, identity, and SIEM and SOAR partners to help protect your data and your business reputation.