Op-Ed: Ransomware v humanware

Every leader hopes that neither of these challengers will have their organisation on the ropes. In reality though, both present a significant threat to data integrity and business continuity.

However, whilst the risks of ransomware are starting to be taken more seriously, the same care and attention that’s spent defending against it is rarely lavished on barriers to protect against human error.

Where is the biggest risk?

According to recent Veritas research, the average Australian enterprise has been the victim of 1.14 ransomware attacks. Attacks are getting more sophisticated as organised criminals zone in on high-value data from targeted organisations.

And hackers are finding new ways to exert pressure on their victims to pay by bringing whole IT systems to a halt, or stealing sensitive data and threatening to publish it online.

As a result, only 34 per cent of Australian businesses who have been attacked have managed to avoid paying a ransom to the criminals that initiated it.

Against this backdrop, anyone could be forgiven for thinking that the ransomware hackers were winning the fight to get to business data. However, human error remains a far more common cause of data loss and is also growing. The Office of the Australian Information Commissioner (OAIC) received 539 data breach notifications from July to December 2020, an increase of 5 per cent from the 512 notifications received from January to June 2020.

Of the reports of data breaches made by government agencies, human error accounted for 88 per cent of these. And almost half of these human error breaches resulted from personal information being sent to the wrong recipient.

VIEW ALL

We can see that human error is becoming a much more distributed challenge. Even if businesses train their entire workforce to exceptional standards, they’re still only reaching a fraction of the people who could put their data at risk. Business partners, contractors, third parties and all manner of workers in the supply chain can impact data integrity.

Even with the rapid growth and expansion of attacks from ransomware, hackers still have a long way to go before they could have a broader impact on business data than simple human error.

What can we learn from the ransomware approach?

Whilst the motivation and circumstances behind these two types of data loss differs, the solutions have a lot in common. Here are five key lessons about dealing with human error that have been learned from protecting against ransomware:

1. Act as if a breach is inevitable

Businesses have realised that trying to protect the network perimeter against an incoming ransomware attack is like being the boy using his fingers to plug the holes in the dam: ultimately, something is going to leak through. Planning for a worst-case scenario and being prepared to respond is absolutely necessary.

2. Avoid a single point of failure

If you only have one copy of your data and it’s hit by ransomware, your options for getting it back are severely limited. The same is true in the event that a unique piece of data is accidentally deleted or overwritten. Your chances of restoring the information, however, are significantly increased if you already have a backup copy. Two copies are better than one and three copies, where one is offline and immutable, supports best practice.

3. Monitor your data

Data monitoring so that a business is able to recognise any material changes to files, can help businesses to spot a ransomware attack quickly and respond in good time. Monitoring data can also help to identify if files have been accidentally removed. In the immediate aftermath of an accident, there are often ways to reverse its impact. Spotting changes quickly will nearly always give you an advantage.

4. Employee education, communication and trust are key

Sophisticated phishing schemes mean that employees are very often the gateway to a ransomware attack. As a result, many businesses offer companywide training on how to respond, encouraging team members to communicate instantly if they think they’ve been the cause of a breach and to trust that they won’t be blamed for it. The same approach is not often extended for data loss accidents but would help businesses to identify challenges, monitor risk and act accordingly.

5. Protected data is as vulnerable as any other

If left unchecked, ransomware can quickly move from primary data to its backups. Similarly, errors made in primary data will soon be reflected in the backup. Having the right policies and technologies in place to ensure that backup data is there when needed is critical.

So, is ransomware or human error the most likely to knockout a data centre? The reality of the situation is that they’re both coming for the data, and it’s almost inevitable that both will hit. Business should be prepared to protect, detect, respond and recover from either threat to their data and, those that box clever, should be prepared for both.

Mark Nutt, SVP, International Sales, Veritas Technologies LLC