Managing Storage & Backup Vulnerabilities as Part of a Ransomware Resiliency Strategy

By Doron Pinhas, CTO, Continuity

Background

Ransomware attacks have been in the public eye for quite a while now. Growth is propelled not only by the surge in the number of cybercrime groups specializing in ransomware, but to a large extent, also by the continual increase in attack sophistication.

Ransomware has evolved into a fully-fledged industry, with competing groups that continually introduce new capabilities and techniques.

Some of the new trends in data crime, such as data leaks, threats of data exposure and shaming techniques, have ignited media attention, though others, potentially even more devastating, are still not widely discussed, which we’ll attempt to correct here.

Breaking The Myths: Storage, Backup, And Data Recoverability

A few years ago, very few CISOs thought that storage & backups were important. That’s no longer the case today.

In a security research study published by Continuity and CISO Mag, more than two-thirds of respondents believed an attack on their storage environment would have ‘significant’ or ‘catastrophic’ impact, and almost 60% of respondents were not confident in their ability to recover from a ransomware attack.

Ransomware has pushed backup and recovery back onto the agenda.

Cybercriminal groups such as Conti, Hive and REvil have been actively targeting storage and backup systems to prevent recovery.

Regulators are starting to pay attention to backup systems and data recovery. Industry awareness is also steadily growing. NIST released Special Publication 800-209, titled Security Guidelines for Storage Infrastructure, which places significant emphasis on securing and protecting data against attacks.

This has driven CISOs to look again at potential holes in their safety nets, by reviewing their storage, backup and recovery strategies.

“In my experience CISOs have not given the storage layer enough attention in the past in protecting their businesses (including myself).”

John Meakin, Former CISO at GlaxoSmithKline

The Current Threat Landscape For Storage, Backup And Data Recovery – And The Role of Vulnerability Management

Storage & backup systems are some of the most important assets when it comes to protection from ransomware. However, vulnerabilities are plaguing these systems.

While vulnerability management is a large established market, covering endpoints, OS and networks, many of the vendors don’t scan storage and backup systems.

Two of the most common storage security challenges include:

  • Use of vulnerable protocols & protocol settings

Cybercriminals can use such configuration mistakes to retrieve configuration information and stored data, and in many cases, can also tamper with (e.g., modify, destroy, lock) the data itself, including the copies used to protect the data.

  • Unaddressed CVEs

Each CVE details the possible exposures and outcomes it presents – and these span a rather wide range. Common risks include the ability to exfiltrate files, initiate denial-of-service attacks, and even take ownership of files and block devices.

“Most ransomware attacks still happen due to vulnerabilities: not enough patch management, not following basic security requirements, and not having basic controls. All of this leads organizations to fail. The hackers are after our data. In a bank, data is money. This is why I’m a big believer in securing storage.”

Erdal Ozkaya, Former CISO at Standard Chartered

Recommendations

Data is a major part of the role of any CISO. And in today’s digitized, data-everywhere world, an organization must make significant investments in data protection, and storage and backup hardening.

CISOs have the skill to do it; many simply lack a clear view of the problem. The problem needs to be reframed in the minds of security experts, and fast. Analyzing data storage and backup security posture is a new skill that security teams must adopt in order to deal with emerging cyber-security threats.

I highly recommend evaluating your internal security processes to determine if they cover storage and backup infrastructure to a sufficient degree.  Some of the questions that could help clarify the level of maturity are:

  • Are you evaluating the resiliency of your storage and backup systems on an ongoing basis?
  • Do you have detailed plans and procedures for recovery from a successful ransomware attack on a storage or backup system?
  • How confident are you that you can recover from a successful ransomware attack?

Storage vulnerability management would significantly help security teams get a full view of the security risks in their storage & backup systems. It does this by continuously scanning these systems to automatically detect security misconfigurations and vulnerabilities, and then prioritizing those risks in order of urgency.

Finally, I encourage you to learn more about ransomware resiliency for storage and backups.  A good start could be the NIST Guide for Storage Security – a report I co-authored along with NIST.

This guide provides CISOs with an overview of the evolution of the storage and backup technology landscape, current security threats, and a set of practical recommendations.

Doron Pinhas

Chief Technology Officer

Continuity

Doron is an avid Storage and Backup security advocate, and one of the two authors of the recently published NIST special publication titled “Security Guidelines for Storage Infrastructure”. Alongside continuous research of storage security, threat landscape, and market maturity analysis, he is also engaged in writing, public speaking and information exchange with leading organizations.

Doron has over 20 years of experience in data and storage management, mission critical computing, operating system design and development, cloud computing, and networking architecture.
