Cyber deception is the key to staying one step ahead of evolving threats
Data has become a critical business asset that, if managed correctly, can be used to unlock a wealth of insight for better business decisions. However, poorly managed data can be a liability instead, with data sprawl and poor visibility increasing the risk of inaccurate insights and security breaches. Organisations need to strike a balance between data availability and data security. Threat detection, endpoint protection, immutable backups, and disaster recovery are all essential components of effective data management, regardless of where the data is stored.
However, cyberattacks continue to evolve and are becoming increasingly sophisticated, which means organisations need to evolve their response as well. Cyber deception – where fake network environments or ‘data assets’ are created to mimic real data assets and lure bad actors – is a proactive and powerful method of keeping increasingly distributed data environments safe. It reduces risk and allows organisations to leverage maximum value from their data, respond quickly to a potential threat, and reduce the timeline of detection from days to minutes. We call this Active Defence, and it is a critical element of a data protection strategy.
A growing concern
As cyber threats become increasingly sophisticated, incidents of ransomware continue to rise across the globe. In South Africa, this increase was profound between 2022 and 2023 – according to the Sophos State of Ransomware 2023 report, 78% of organisations surveyed were hit, compared to 51% in the 2022 survey. While the report states that 100% of the companies hit managed to regain their data, almost half (45%) claimed to have paid the ransom to do this, which is a costly exercise that carries significant risk.
Apart from the risk associated with a data breach, there is also reputational damage to consider, not to mention substantial downtime that affects business operations and, ultimately, business profitability. A Commvault-sponsored Computing whitepaper reveals that 48% of respondents estimate that it would ‘take their organisation two to seven days to fully recover data following a successful ransomware attack’, a fact that has severe potential repercussions for business continuity.
Prevention is better than cure
While having a robust incident response plan is essential to countering the growing threat of cyberattacks, and the ability to recover after a ransomware attack is paramount, it is always first prize to prevent the breach from occurring in the first place. Preventing a breach has become even more important given the nature of data most businesses collect, in combination with ever-increasing emphasis placed on data privacy. The Computing whitepaper reveals that the two most common types of data collected by organisations surveyed are internal/employee data and customer information, both of which are subject to compliance with the Protection of Personal Information Act (POPIA) in South Africa, among other laws worldwide.
However, preventing a breach has unfortunately become increasingly difficult as data environments have become more dispersed, data volumes and value have grown, and attacks have become increasingly sophisticated. Many organisations are missing essential elements of comprehensive data protection and data recovery, which can leave them vulnerable to attacks. A unified security solution with a centralised management console is an important step, because it can simplify disaster recovery, data migration and data protection. Organisations also need to have endpoint protection, application data protection, disaster recovery, cloud data management and data virtualisation in place. But even this is no longer sufficient in countering the growing risk of ransomware.
A proactive approach
Along with increased incidents of ransomware, there is a concerning trend toward double extortion, where data is not only encrypted but exfiltrated as well. The speed of data recovery is typically the most difficult part of recovering from an attack, which makes tools such as anomaly detection, immutable backups, air gap, and multi-factor authentication controls imperative. However, data sprawl can be a significant challenge, especially in hybrid and distributed data environments.
It has never been more important to adopt a layered approach to data management and defence, and one of these layers should include cyber deception. Cyber deception uses decoys throughout system infrastructure to lure threat actors, detect suspicious activity and enable organisations to better understand their attack vectors. It enables organisations to not only proactively detect attackers, but also to learn about their actions before a system is actually compromised. This enables swift and decisive action to be taken to prevent a breach.
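The detection principle described above, as an added Python example that is not from the original article or from any vendor's product: because no legitimate user or job has a reason to touch a decoy, every touch is an alert with no baseline or threshold, and the touches from one source can be ordered to show what that source did. The decoy inventory, addresses, account names and log format are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed decoy inventory: assets that no legitimate user or job should touch.
DECOYS = {
    "host": {"10.20.0.250"},                       # decoy file server
    "account": {"svc_backup_old"},                 # decoy (honey) credential
    "path": {"/srv/finance/payroll_2019.xlsx"},    # bait document
}

# Constructed, normalised events: timestamp source kind target action
SAMPLE_LOG = """\
2024-03-01T09:00:02 10.20.0.15 host 10.20.0.31 smb_connect
2024-03-01T09:14:40 10.20.0.77 host 10.20.0.250 smb_connect
2024-03-01T09:15:05 10.20.0.77 account svc_backup_old logon_failed
2024-03-01T09:15:31 10.20.0.15 account jsmith logon_ok
2024-03-01T09:16:12 10.20.0.77 path /srv/finance/payroll_2019.xlsx file_read
"""

def decoy_touches(log_text):
    """Return {source: [(time, kind, target, action), ...]} for every decoy touch."""
    touches = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, kind, target, action = line.split()
        # Any interaction with a decoy counts; traffic to real assets is ignored.
        if target in DECOYS.get(kind, ()):
            touches[src].append((datetime.fromisoformat(ts), kind, target, action))
    return dict(touches)

def summarise(touches):
    """One alert per source: first touch, distinct decoys hit, ordered actions."""
    alerts = []
    for src, events in sorted(touches.items()):
        events.sort()  # chronological order reconstructs the source's activity
        alerts.append({
            "source": src,
            "first_seen": events[0][0].isoformat(),
            "decoys_touched": len({e[2] for e in events}),
            "sequence": [e[3] for e in events],
        })
    return alerts

if __name__ == "__main__":
    for alert in summarise(decoy_touches(SAMPLE_LOG)):
        print(alert)
```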
Currently, cyber deception is a vastly under-utilised tool in the fight against cybercrime, with less than a quarter (22%) of respondents in the Computing whitepaper indicating that their organisation had carried out cyber deception. One of the reasons for this is that the skills and expertise required to carry it out can be scarce. However, with Commvault’s new Metallic ThreatWise platform offering cyber deception technology as a service, any organisation can now leverage the benefits. The key to reducing vulnerability is to take proactive steps to protect data and work with a reputable solutions provider that offers comprehensive and sophisticated ransomware protection and recovery solutions.