By César Cid de Rivera, Vice President, International Systems Engineering, Commvault
With almost daily news about cyber attacks, companies in all industries face increasingly elaborate and deceptive strategies. Take, as an example, the ongoing problems presented by ransomware, which continues to impose huge costs on businesses that choose to pay the ransom in hopes of recovering their encrypted data.
However, a report published by the US Financial Crimes Enforcement Network reveals that in the banking sector alone, the number and cost of attacks is increasingly worrying. US banks processed $1.2 billion in suspected ransomware payments during 2021, a 188% increase over the previous year.
In a recent survey of ours, 88% of industry respondents said that preventing data damage is one of their top concerns. In addition, 72% of IT professionals are concerned about recovering after an attack and minimizing downtime.
A major concern across the board is that many IT teams do not have tools that can adequately detect ransomware attacks early on to prevent them from succeeding. In the same study, only 12% of organizations reported that their ransomware detection tools were adequate and could also cover the growing data estate, regardless of where the data was.
Ransomware and cyber risk, in general, are redefining how organizations must improve their ability to protect their infrastructure and valuable assets and, in doing so, reduce business risk. IT professionals must stay ahead of the curve and invest in proactive technology that increases their resilience. As a result, combining data protection and cybersecurity is the new normal.
In this extremely challenging environment, the priority for most companies is to strengthen their perimeter defenses. In particular, a multi-layered approach is needed to comprehensively protect data, not least because backup alone is not enough, and avoiding being in a recovery scenario is much more desirable to mitigate business disruption.
The Need for Cyber Deception Technology
In order to achieve a stronger security posture against ransomware attacks, organizations need multifaceted tools that work at all stages of the attack chain. Concealment technologies are playing an increasingly critical role in early detection of invisible and Zero-Day threats that successfully bypass conventional security tools.
But what are these technologies and how do they work? Cyber-deception is a proactive security strategy that works by ensnaring cybercriminals and malicious attacks. Today’s most advanced cyber-deception solutions begin where conventional security tools end, using a two-step process to combat unknown and zero-day threats. For example, with the use of decoys and threat sensors, cybercriminals or intrusive malware can be diverted to convincing but fake assets. At that point, alerts are immediately sent to security managers about the presence of ongoing threats before they can compromise real systems or data.
Unlike honeypots, which are designed to examine and learn from attackers and their attempts, threat sensors are developed to actively engage cybercriminals as soon as an attack is initiated. Using an efficient architecture similar to that of web services, these threat sensors are able to mimic any user asset, flooding environments with spoofed digital assets that are indistinguishable to attackers. Without affecting normal network operations, they lure attackers in during reconnaissance, lateral movement, and other attack techniques.
And because threat sensors are only visible to the attacker, enterprises benefit from extremely accurate notifications about false positives, giving them insight into activity, attack routes, and techniques used.
This approach enables organizations to provide a multi-layered defense against threats such as ransomware attacks, empowering users to immediately identify and deflect malicious threats before data is stolen, damaged, or compromised. In the current situation, where ransomware has rapidly evolved to become a massive driver of cybercrime, it is clear that existing technologies alone cannot prevent all attacks from occurring or ensure that victims can recover quickly.
Instead, organizations must focus on creating more effective solutions designed to address the specific risks presented by ransomware and other sophisticated cybercrime tactics. By using cyber deception as a proactive protection strategy, companies can put themselves in a much stronger position to thwart attackers before they have a chance to make ransom demands.