Time to beat ransomware criminals at their own game

With the steady stream of ransomware headlines, it’s clear that a different approach to protecting data is needed. “It’s time to think differently and play the ransomware cybercriminals at their own game,” says Nigel Thorpe, technical director at SecureAge Technologies. “We must rethink the traditional ‘castle and moat’ methods of protection to keep cyber criminals out and adopt a data-centric approach, where security is built into data itself. If all data is encrypted before a ransomware attack takes place, it is useless to the cyber criminal. They can’t decrypt the data and they can’t demand a ransom for data that is already encrypted.”

However, this strategy only works if all data is encrypted – not only at rest but also in transit and in use – on site, on a remote device or in the cloud. Full disk encryption will protect data when it is at rest on a powered-off hard disk or USB stick, but it is of no use in protecting data against unauthorised access or theft from a running system. And with more people working remotely, data can often be saved unprotected on local storage. What is needed is universal file-level encryption where security and authentication are built right into each file for all data, all of the time.

Encrypting all data also overcomes the problems of classifying and locating ‘sensitive data’. In a 2020 Ponemon report, 67% of respondents say discovering where sensitive data resides in the organisation is the number one challenge in planning and executing a data encryption strategy. “It is easy to argue that all data is sensitive,” says Thorpe. “Cyber criminals increasingly patch together seemingly random pieces of data to create sophisticated phishing attacks or to construct digital profiles for identity theft. If you can encrypt all data without impacting users, applications or business processes, why wouldn’t you do it?”

For cyber criminals, ransomware is a low-risk, high-reward activity, with a virtually unlimited supply of potential victims, while the arrival of Ransomware-as-a-Service (RaaS) only serves to increase the scale and volume of attacks. “By encrypting all data – whether it is stored, in transit or in use – we are finally designing security into the only thing which has value – the data itself,” says Thorpe. “In effect it’s reverse ransomware – criminals no longer have the ability to threaten an organisation by shutting down systems or publishing data, so the ransom leverage is null and void.”

Phil Black - PII Editor

I'm the Editor here at Process Industry Informer, where I have worked for the past 17 years. Please feel free to join in with the conversation, or register for our weekly E-newsletter and bi-monthly magazine here: https://www.processindustryinformer.com/magazine-registration. I look forward to hearing from you!
