
Richard Cassidy at Rubrik explains how data-rich organisations can respond differently to ransomware threats
It’s an uncomfortable truth that cyber-attacks are increasingly unavoidable. With more attacks year on year, today’s CISOs are facing intense pressure to combat the ransomware threat. Meanwhile, data volumes continue to grow, meaning that CISOs need to defend more data, and fast.
The human impact of this cannot be ignored. The recent ransomware attack on Synnovis, an NHS pathology supplier, attributed to the Qilin cyber-gang, saw more than 1,000 planned operations cancelled, and the stolen data included personally identifiable information (PII) and blood test results.
Data, and PII in particular, is under threat across every sector, and its volume keeps growing. The serious real-world consequences when that data is compromised call for a drastic change in strategy. CISOs must adopt new frameworks built around resilience and recovery, or risk similar costly disruption to their own operations.
Data is every organisation's most important asset, and healthcare data is inherently sensitive. From the moment we are born, PII about most of us is recorded and stored across multiple locations. Cyber-criminals naturally see the sector as a lucrative target, and healthcare organisations lose a fifth of their sensitive data in every ransomware attack.
The recent attack on Synnovis is a prime example of the level of disruption that cyber-criminals can cause. In this case, healthcare staff were forced to revert to paper-based records, with capacity severely reduced, and disruption is likely to continue for up to six months.
Following the attack, Qilin reportedly published almost 400GB of personal data on its dark web leak site, exposing records belonging to a large number of patients. A few months earlier it was a similar story at NHS Dumfries and Galloway, which, after a ransomware attack compromised patient records, had to warn patients that they were at risk of blackmail over those records.
After each and every attack, CISOs are fighting an uphill battle to mitigate the potential loss of data, maintain business continuity and protect their reputation. Without a fundamental shift in cyber-resilience posture, it’s a problem that will only get worse.
The healthcare sector is not the only target for cyber-criminals. Across sectors, organisations need to ensure that the data they gather and collect is stored safely, away from prying eyes.
Threat actors do not only disrupt operations by withholding access to data; they keep adapting their tactics to extract the highest ransom possible, through techniques such as double extortion, where the data is encrypted and also exfiltrated so that the attacker can threaten to publish it if the ransom is not paid.
CISOs are already under massive pressure to maintain operational resilience in the face of persistent threats. It falls to them to protect against the reputational damage that follows an attack and the subsequent release of data, which can erode the trust of customers or patients, staff and partners.
However, the impact of an attack can go far beyond reputation. Many businesses lack visibility into the vulnerabilities in their supply chains. In fact, just 13% of businesses review the risks posed by their immediate suppliers, and the proportion for the wider supply chain is half that figure (7%). Given that malware can be introduced at any point in the chain, it is vital for businesses to review cyber-security processes across the board.
Regulations can play a crucial role in supporting CISOs, providing frameworks for reporting and ensuring that data is stored in accordance with minimum security requirements.
The UK's proposed Cyber Security and Resilience Bill introduces expanded reporting requirements for ransomware attacks, giving government agencies valuable new information on the scale of attacks and the ability to increase support to affected businesses.
In addition, the EU's Digital Operational Resilience Act (DORA) applies from the start of 2025. It provides a uniform set of requirements for the security of the network and information systems of organisations operating in the financial sector, as well as of the third parties that provide their IT-related services.
Alongside DORA, the UK’s Prudential Regulation Authority (PRA) continues to emphasise operational resilience, requiring banks to demonstrate their ability to withstand and recover from significant operational disruptions.
We must pivot from the traditional stance of "if" a data breach might occur to a proactive acceptance of "when" it will happen, embracing the inevitable in order to focus on continued operations through stronger cyber-resilience.
In the face of such threats, CISOs must build a cyber-recovery and resilience strategy to ensure business continuity. When it comes to true cyber-resilience, organisations must be able to protect and recover data during, and after, an attack. If your data is secure, your business is resilient.
A robust data security regime means knowing where critical data is and which systems are required to maintain minimum viable business operations. Regularly testing business continuity plans, including actually restoring from backups rather than assuming they will work, gives the CISO and the C-suite confidence in their ability to quickly resume critical systems in the face of a cyber-threat, and reduces the leverage of the ransomware group.
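As an added illustration of what "regularly testing" a recovery plan can look like in practice (this is example code written for this page, not Rubrik's product or any code from the author), the script below runs a minimal restore drill: it restores every file from a backup copy into a clean directory, verifies each one against SHA-256 digests recorded at backup time, and reports whether the whole restore finished inside a recovery time objective (RTO). The file names, the "pathology" sample data and the 60-second RTO are constructed for the demo; the second drill simulates an attacker who reached the backup copy and encrypted one file and deleted another, which the drill must report rather than silently "restore".

```python
"""Restore drill: prove a backup is restorable, intact and fast enough.

Added example for this page (not Rubrik's code). Sample data is constructed
inline so the script runs offline.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Record a digest for every file at backup time.

    Keep the manifest where the backup host cannot rewrite it (separate
    credentials, immutable storage). If an attacker who encrypts the backups
    can also re-hash them, the drill proves nothing.
    """
    files = sorted(p for p in backup_dir.rglob("*") if p.is_file())
    return {p.relative_to(backup_dir).as_posix(): sha256_file(p) for p in files}


def restore_drill(backup_dir: Path, restore_dir: Path,
                  manifest: dict, rto_seconds: float) -> dict:
    """Restore every file named in the manifest into restore_dir and verify it.

    Returns how many files restored cleanly, which failed and why, the elapsed
    wall-clock time, and whether the drill passed (no failures, within RTO).
    """
    start = time.monotonic()
    failures = []
    for rel, expected in manifest.items():
        src = backup_dir / rel
        if not src.is_file():
            failures.append((rel, "missing"))
            continue
        dst = restore_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        if sha256_file(dst) != expected:
            failures.append((rel, "digest mismatch"))
    elapsed = time.monotonic() - start
    return {
        "restored": len(manifest) - len(failures),
        "failures": failures,
        "elapsed_s": round(elapsed, 3),
        "passed": not failures and elapsed <= rto_seconds,
    }


def run_demo() -> dict:
    """Constructed sample backup: one clean drill, then one after simulated
    ransomware damage to the backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        backup = root / "backup"
        for rel, body in {
            "records/patient-0001.txt": b"sample result A\n",   # constructed
            "records/patient-0002.txt": b"sample result B\n",   # constructed
            "config/lims.ini": b"[db]\nhost=lims-db\n",         # constructed
        }.items():
            path = backup / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
        manifest = build_manifest(backup)  # held by the caller, not on the backup path

        clean = restore_drill(backup, root / "restore-1", manifest, rto_seconds=60)

        # Simulate an attacker reaching the backup copy: one file overwritten
        # with ciphertext-like bytes, one file deleted.
        (backup / "records/patient-0001.txt").write_bytes(os.urandom(32))
        (backup / "config/lims.ini").unlink()
        damaged = restore_drill(backup, root / "restore-2", manifest, rto_seconds=60)

        return {"clean": clean, "damaged": damaged}


if __name__ == "__main__":
    for name, report in run_demo().items():
        print(name, json.dumps(report))
```

The point of the second drill is the design choice it forces: the manifest lives with whoever runs the test, not on the backup host, because a backup that the attacker's credentials can alter is not a recovery asset. In a real programme the same drill would restore into an isolated environment, compare elapsed time against the RTO agreed for each minimum-viable system, and be scheduled rather than run by hand.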
The Scout motto, “be prepared” may be an old adage, but it rings true for data protection. CISOs must start responding differently to ransomware threats. They must prepare to recover from an attack, not just defend against it.
Richard Cassidy is Field CISO EMEA at Rubrik
Main image courtesy of iStockPhoto.com and MartinPrescott
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543