Be Prepared to Neutralize Cyberattacks When – Not If – They Happen

Originally published by Titaniam.

Businesses today are under the constant threat of cyberattacks from ransomware and extortion. 68% of business leaders feel their risk of a cyberattack is increasing, according to Accenture.

For years, enterprise-level organizations have relied on data protection platforms focusing solely on prevention and detection for protection against cyber threats. What they’re missing is the ability to build immunity against attacks.

To build immunity, you must accept the fact cybercriminals will break into your systems to steal valuable data or freeze critical systems. It’s no longer a question of “if” you will experience a breach. Instead, it comes down to “when” and how bad it will be for you and your customers.

These days, it’s critical to minimize or eliminate an attacker’s leverage and neutralize the potential damage.

Know What Motivates Your Attacker

To neutralize the damage and protect against cyber-attacks and data breaches, you must first understand what motivates your attacker.

Cyberattackers have three goals that every defense strategy must anticipate. They include:

1. Theft of valuable data and intellectual property can be sold to competitors or shared online.
2. Extortion for monetary gain is commonly associated with Ransomware attacks.
3. Disruption of critical operations normally by state-sponsored attacks to inflect physical, political, psychosocial, economic, or other damage.

Create a Three-Prong Line of Defense

To eliminate the chances of cybercriminals from achieving these goals, you need to bolster defenses along these three lines:

1. Ensure your valuable data or IP cannot be stolen.
2. Make exfiltrated data ineffective for extortion.
3. Provide for immediate restoration of disrupted services.

Chances are you have the third step covered with automated backup services or cloud-based disaster recovery to restore your systems and data in the event of a cyberattack.

Unfortunately, most companies need to pay more attention to steps 1 and 2. That’s because ransomware and extortion actors create the most damage before you know they’re inside your systems. By this time, attackers can take large amounts of your sensitive data, holding tremendous leverage over your business and customers.

Most cyberattacks gain entrance with legitimate credentials to unlock encryption-at-rest, which enables data to be exfiltrated in clear text, causing massive damage to a company’s security, privacy, compliance, and customer trust.

Attackers use clear text-sensitive data to demand ransoms. Even if you’re fully capable of restoring systems from backup, you might still pay the ransom to avoid data leakage, partner and customer extortion, the sale of secrets to competitors, and posting private data online. Even then, there is no guarantee your data will remain uncompromised.

It is important to look into a data security platform that combines encryption-in-use, traditional encryption, private data release, customer-controlled keys, and enterprise-wide key orchestration that allows data to remain secure throughout its lifecycle and as it moves across the enterprise. Most importantly, consider a product retains full use of data by separately encrypting the source data and then constructing an encrypted search index based on pre-declared search types.