Ransomware attacks: why are CISOs still overlooking a key prevention method?

Ransomware continues to be one of the biggest headaches on any CISO's list of data security threats. If you were to ask a CISO what their 'drop everything' moment would be in the last few years, it would undoubtedly contain the word 'attack.' Whether a senior executive's laptop is infected with ransomware or a hard drive is encrypted, as soon as an attack occurs they would be the ones in the firing line, being forced to answer uncomfortable questions. How could this happen? Why don't we have firewalls to prevent this from happening? How do we get back to business as usual?

In the midst of disasters like these, it's easy for the same senior executives to over-react and assume the worst, deciding to take no more chances and allocate resources to further cyber-defences to ensure it can never happen again. In the end, however, it's where this money is spent that determines the true return on investment.

As an example, it's great to see this money channelled towards continuous backup and recovery for both desktops and laptops. However, the standard reaction of completely replacing hard drives is simply throwing money away. The real solution is to implement secure data erasure, which restores all devices to an immaculate state, not only much faster but with a far smaller burden on the capacity of an organisation's IT department.

Unfortunately, ransomware only needs a victim to open a simple attachment or click on a bad link for the malware to be downloaded. What's more, the malware can be entirely unique to the target, thereby bypassing most endpoint protection. The most recent strains of ransomware, such as WannaCry, used worm-like capabilities to spread from machine to machine within an organisation, thereby causing even more destruction than a single infection.

If an organisation is lucky, there may be researchers who have already published the keys to decrypt encrypted hard drives; however, most of the time that's not the case. Regardless, the organisation is still left with the overwhelming task of reinstating the usability of each machine. A word of warning: if backups do exist, it is not advisable to simply reload the data or even re-image the machine and then reload. Progressive malware can leave behind elements that can then start a new infection, download new payloads and ultimately cause even more damage. This is known as 'persistence.'

To guarantee a machine is completely clean before re-installing the OS, apps and data, it should undergo complete data sanitisation. Data sanitisation is the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device in order to ensure it is irrecoverable. This applies to all traditional IT equipment with data storage, as well as mobile devices and any internet-connected devices. A device which has been sanitised has no usable residual data, and that data can never be recovered, even with the use of advanced forensic tools. There are three methods to achieve data sanitisation: physical destruction, cryptographic erasure and data erasure.

Worryingly, many people still don't fully understand data sanitisation as there continues to be confusion around the definition and varying methods of achieving it. Some organisations believe factory reset, reformatting, data wiping and data clearing are capable methods of achieving data sanitisation, when they are far from it. Because of this, these organisations are failing to employ the necessary steps to implement a data sanitisation process and therefore leaving themselves vulnerable to a ransomware attack.

Sadly, this is not the only headache for many CISOs. If its security processes are not adequate and up to scratch, an organisation cannot guarantee that it is able to adequately protect sensitive information. It is then liable to come up against both legal and financial problems.

What's more, with the arrival of EU GDPR in 2018, organisations that maintain a lax attitude to compliance could be fined up to €20 million, or four percent of their annual worldwide turnover. If organisations do not begin to change their thinking in terms of ensuring the security of the data they hold, ransomware attacks won't be the only headaches they face in the future.

Contributed by Richard Stiennon, chief strategy officer, Blancco Technology Group and director of International Data Sanitization Consortium

 

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.