Managing Cyberthreats to Combat Ransomware Part 2: Emerging Technologies and Use Cases
In part one of our blog, Managing Cyberthreats to Combat Ransomware: Current Technologies, we looked at technologies organizations are currently using to mitigate cyberthreats, such as intrusion detection systems (IDS), anti-malware software, and multi-factor authentication, among others. In part two, we will discuss emerging technologies and use cases to best protect ourselves against cyberthreats. Let’s dive into some of these newer technologies and practices.
With the emergence of blockchain technologies, there has been a strong case for their use outside of cryptocurrencies, specifically around enterprise security. Blockchain technologies offer several benefits for security use cases.
1. Blockchain is decentralized
Instead of uploading data to a cloud server or storing it in a central location, blockchain breaks the data into small chunks, distributes them across the entire network of computers (nodes), and maintains a digital ledger of transactions. Each node has a complete copy of the ledger, so even several nodes going down at once will not result in data loss. It effectively cuts out the need to engage a third party to process a transaction. You don’t have to place your trust in a vendor or service provider when you can rely on a decentralized, immutable ledger.
2. Blockchain offers encryption and validation
Everything that occurs on the blockchain is encrypted, and it is possible to prove that data has not been altered. Because of its distributed nature, you can check file signatures across all the ledgers on all the nodes in the network and verify that they haven’t been changed. If someone does change a record, then the signature is rendered invalid. This potentially allows you to use the blockchain ledger to verify that data you backed up and stored in the cloud with third-party vendors has gone completely unchanged even weeks, months, or years later.
3. Blockchain is near impossible to compromise
While bad actors can break into traditional networks, find all the data in a single repository, and compromise it, blockchain technology makes this extremely difficult. The data is decentralized, encrypted, and cross-checked by the whole network. This is called consensus. Once a transaction is recorded and is on the ledger, it is almost impossible to alter or remove it without detection, which invalidates the signature. Every legitimate transaction is confirmed by multiple nodes on the network. To successfully compromise blockchain, you would have to attack most of the nodes simultaneously. While this is technically possible through supercomputing and time, it is well beyond the ability of bad actors today.
4. Blockchains can be private or public
Public blockchains have grabbed early headlines for decentralization and anonymity; however, you can create private blockchains that restrict access to authorized users. With this model you still get the benefits of a decentralized peer-to-peer network, but anyone accessing a private blockchain must authenticate their identity to gain access privileges, and access can be limited to specific transactions.
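To make points 2 and 3 concrete, the following added example (not code from the original post or from any vendor) records backup digests in a hash-chained ledger and shows why copies on several nodes must be compared. It is a simplified SHA-256 hash chain, not a real blockchain or consensus protocol, and all file names, node names and function names are constructed for illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed placeholder meaning "no previous record"

def record_hash(rec):
    """Hash the record's fields, including the previous record's hash."""
    body = {k: rec[k] for k in ("index", "name", "digest", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_backup(ledger, name, data):
    """Append a record that commits to the SHA-256 digest of one backup."""
    rec = {"index": len(ledger), "name": name,
           "digest": hashlib.sha256(data).hexdigest(),
           "prev": ledger[-1]["hash"] if ledger else GENESIS}
    rec["hash"] = record_hash(rec)
    ledger.append(rec)

def first_broken_record(ledger):
    """Return the index of the first record failing the chain check, else None."""
    prev = GENESIS
    for i, rec in enumerate(ledger):
        if rec["prev"] != prev or rec["hash"] != record_hash(rec):
            return i
        prev = rec["hash"]
    return None

def backup_unchanged(ledger, index, data):
    """True only if the chain is intact and the data matches the recorded digest."""
    return (first_broken_record(ledger) is None
            and hashlib.sha256(data).hexdigest() == ledger[index]["digest"])

def divergent_nodes(replicas):
    """Return the names of nodes whose latest hash differs from the majority's."""
    heads = {node: led[-1]["hash"] for node, led in replicas.items()}
    majority, _ = Counter(heads.values()).most_common(1)[0]
    return sorted(n for n, h in heads.items() if h != majority)

def demo():
    """Constructed sample: node-c holds a rewritten, self-consistent history."""
    good, forged = [], []
    for name, data in (("db-mon.bak", b"monday"), ("db-tue.bak", b"tuesday")):
        append_backup(good, name, data)
        append_backup(forged, name, b"altered" if name == "db-mon.bak" else data)
    replicas = {"node-a": good, "node-b": list(good), "node-c": forged}
    return first_broken_record(forged), divergent_nodes(replicas)
```

`demo()` returns `(None, ["node-c"])`: the rewritten copy passes its own chain check, and only the comparison against the other nodes exposes it.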
Artificial Intelligence & Machine Learning
Artificial intelligence (AI) and machine learning (ML) are beginning to change the way organizations combat cyberthreats. AI can help identify patterns in different types of cyber-activities, both normal and malicious, and trigger an automation to respond to the activity. ML can help monitor incoming and outgoing data for deviations from the patterns that were identified through AI to help prevent cyber-attacks from occurring.
While the advance of AI and ML is helping organizations combat cyberthreats, on the opposite end of the spectrum, bad actors can also leverage the same technologies for ill intent, such as target identification, attack timing, and detection avoidance. The potential misuse of AI and ML is concerning as it becomes more common. Enterprises need to take particular notice of any potential malicious exploitation of their own AI systems. For example, cybercriminals have been able to copy the ML models for email protection and manipulate them to whitelist malicious emails to pass through protections.
Although they are not new, disaster recovery technologies have emerged as an integral part of cybersecurity strategies because of cyberattacks like ransomware. With the increase of ransomware attacks over the last decade, data is being held hostage, and recovery of good data from before the attack is often the only way to avoid paying the ransom. While many of the core disaster recovery technologies are not new, some innovations have increased the ability of disaster recovery solutions to recover from ransomware attacks.
1. Immutable data copies
As cyberattacks target backups with the intent to prevent recovery, disaster recovery technologies have protected recovery data against encryption by making it immutable, so that attackers cannot affect these recovery data copies. Even if all other data is encrypted, these immutable data copies, which might be in the form of a backup, a snapshot, or any other form of recovery image, are available to recover to a point before the attack.
2. Hardened security
As backup and disaster recovery solutions are targeted by ransomware to prevent recovery, these solutions have had to take increased steps to harden both software and hardware components against cyberattacks. Immutable data copies could be considered part of hardening, but this is really more about security measures like role-based access controls, multi-factor authentication, and security updates to prevent known system vulnerabilities for the solution components. In other words, make it as difficult as possible for attackers to gain access to the recovery data in the first place, thereby protecting it for an easier recovery.
3. Multi-platform protection
One of the areas where recovery data can be the most vulnerable in a cyberattack is a single platform with one compromised administrator account that has access to all of the data. By protecting data from one platform to another, for example from an on-premises hypervisor platform to a remote public or hosted cloud platform, there can be an added layer of security authentication required to access that recovery data across the platforms. Having multiple recovery data copies across multiple platforms and sites can offer even more protection.
Zerto: Protect Your Data, and Be Stress Free About Cyberattacks
Managing cyberthreats is an ever-evolving task that involves adopting many different processes and technologies. Knowing what emerging technologies are on the horizon can help better prepare your organization to combat these ever-growing cyberthreats. Stay tuned for our next and final part of this three-blog series on how to manage cyberthreats to combat ransomware.