How to manage file data to support financial service providers?

Over many years and successive generations of information technology, financial services organizations have invested significant time and effort in developing their business continuity strategies. These plans generally take into account the myriad regulatory and compliance considerations that protect against fraudulent transactions, safeguard confidential and sensitive data, and ensure data retention for audits, among other things. And, of course, they ideally include near-instant failovers and recoveries.

In recent years, the rise of ransomware attacks has led many financial institutions to rethink their strategies to include ransomware prevention. They are considering how to address the threat and what steps they need to take to ensure their business continuity plans reflect the full capabilities of their file data management platforms.

The financial threat of ransomware

Ransomware is defined as a subset of malware that holds a victim's data hostage or threatens to release that data until a ransom is paid. Ransomware can adversely affect any business, but poses a particularly high risk to banks and other financial services companies. In addition to potential financial losses and reputational damage, financial services firms are particularly vulnerable to business disruption if critical systems are taken offline during an attack (or for recovery after an attack).

For insurance companies, the threat also impacts business, with loss ratios for cyber insurance increasing nearly 75% in 2020 over the previous five-year annual average, leading to greater uncertainty and higher premiums.

According to the New York State Department of Financial Services (DFS), which investigated 74 ransomware attacks between January 2020 and May 2021, a similar pattern occurred in incidents involving unauthorized "access to the victim's network using one of three techniques":
  • Phishing
  • Exploiting unpatched vulnerabilities
  • Exploiting poorly secured remote desktop protocols
Ransomware prevention strategies can be developed around these findings, leveraging established cybersecurity controls and "best practices." And regulators are taking steps to require additional prevention strategies, with DFS "evaluating what additional controls should be added to its cybersecurity regulation."

The benefits of file data management for ransomware prevention

Financial services organizations' most valuable digital assets, which are both critical to day-to-day operations and the ultimate target of a ransomware attack, are stored on their file data management platforms. These may be on-premises in their data center, in cloud infrastructures, or increasingly in a hybrid combination of physical and cloud locations.

When considering file data management in relation to the threat of ransomware, and how business continuity strategies should be enhanced to reflect the benefits of a modern file data platform, organizations are focusing on how their file systems can help with ransomware prevention and detection and, especially for business continuity, with data recovery and remediation.

Ransomware Prevention

A software-only file system, like Qumulo Core, offers significant advantages, such as a "locked down" underlying operating system that only allows operations necessary to perform the file system's tasks.

In addition, fast update-release cycles, automatically deployed security fixes, and reactive patches that are deployed even faster than regular releases ensure that the file system is always up to date. The file data management platform's role-based access control (RBAC) is critical: it lets administrators assign granular permissions to normal users or groups and reduce those permissions as needed, keeping them as low as possible.

Ransomware prevention can also be achieved through configuration options, such as hiding file shares from unauthorized users, requiring users to explicitly know the share path in order to mount the share, and implementing access-based enumeration for each share. Modern file data management platforms also provide additional host restrictions, such as.

Ransomware Detection

The file data management platform is also an important component of ransomware detection and uncovering malicious activity as early as possible. Implementing a holistic security approach that includes network, compute, device and event monitoring techniques, as well as data correlation and analysis, is preferable to isolated solutions embedded in the storage system. This can be achieved through API integration between the file data management platform and security information and event management (SIEM) software, which in turn enables automated defenses from any location if malicious activity is detected.

As part of a holistic ransomware prevention strategy, modern file data management platforms should log in an industry-standard syslog format that can be read, parsed and indexed by the SIEM, and the logging should cover all data access and management tasks. Ultimately, this is the most effective approach because malware can be detected and stopped before it reaches the file storage system. While the first line of antivirus prevention is data center infrastructure security, the file data management platform should support scheduled and on-demand antivirus scanning.
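The following is an added example, not code from the original article or from any vendor: it sketches the kind of correlation a SIEM could run over file-access audit events delivered via syslog, flagging a client that modifies or renames many files within a short window. The log layout, operation names, thresholds and sample lines are all assumptions constructed for illustration.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed operation names and tuning values; adjust to the platform's real audit schema.
WRITE_OPS = {"fs_write_data", "fs_rename", "fs_delete"}
WINDOW = timedelta(seconds=60)
THRESHOLD = 20

def parse_line(line, year=2021):
    """Parse '<pri>Mon DD HH:MM:SS host tag: csv-payload' into an event dict."""
    header, payload = line.split(": ", 1)
    stamp = " ".join(header.split(">", 1)[1].split()[:3])
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    ip, user, proto, op, status, path, secondary = next(csv.reader([payload]))
    return {"ts": ts, "ip": ip, "user": user, "op": op,
            "status": status, "path": path, "secondary": secondary}

def detect_bursts(lines):
    """Alert once per (user, ip) when THRESHOLD modifying ops land within WINDOW."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for line in lines:
        ev = parse_line(line)
        if ev["op"] not in WRITE_OPS or ev["status"] != "ok":
            continue
        key = (ev["user"], ev["ip"])
        q = recent[key]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > WINDOW:   # drop events older than the window
            q.popleft()
        if len(q) >= THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append((ev["user"], ev["ip"], q[0], len(q)))
    return alerts

def constructed_sample():
    """Constructed log lines: reads by alice, slow writes by bob, a rename burst by carol."""
    fmt = '<14>Jun 01 {t} fs01 audit: {ip},"{u}",smb2,{op},ok,"{p}","{s}"'
    rows = [("10:00:%02d" % i, "10.0.0.5", "alice", "fs_read_data", f"/fin/r{i}.xlsx", "") for i in range(30)]
    rows += [("10:%02d:00" % i, "10.0.0.6", "bob", "fs_write_data", f"/fin/b{i}.doc", "") for i in range(25)]
    rows += [("10:30:%02d" % i, "10.0.0.9", "carol", "fs_rename", f"/fin/c{i}.pdf", f"/fin/c{i}.pdf.locked") for i in range(25)]
    return [fmt.format(t=t, ip=ip, u=u, op=op, p=p, s=s) for t, ip, u, op, p, s in rows]

if __name__ == "__main__":
    for user, ip, since, count in detect_bursts(constructed_sample()):
        print(f"ALERT {user}@{ip}: {count} modifying ops within 60s since {since}")
```

In a real deployment the alert would feed the SIEM's automated response, for example disabling the account or blocking the client address, rather than printing.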

Ransomware Recovery

Even the best preventative controls can be overcome by attackers, so a robust ransomware recovery strategy is essential. A modern file data platform supports ransomware recovery and, ideally, is radically simple to implement.

Snapshots of file data can be taken at any point in time and should not take up storage space (only file changes require additional storage space). If a file or directory needs to be restored to a previous version, files can simply be copied back. Since these snapshots are immutable, malware or ransomware cannot change their contents. Replicating snapshots both to another cluster and to a cloud infrastructure is essential for added reliability.

Through API integration, a file data management platform can easily detect changes between two snapshots and, together with a backup and disaster recovery solution, enable instant incremental backups with minimal effort. Snapshots can also be automatically stored in the cloud infrastructure, where the cloud provider's intelligent tiering can move older files to more cost-effective storage for data that is not actively being used. Of course, these snapshots enable effective failovers, and the file data platform should allow the enterprise to use any number of recovery point objectives and recovery time objectives.
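The following is an added example, not the article's or any platform's own code: it shows how differences between consecutive snapshots yield incremental backups, and how replaying those increments rebuilds any earlier recovery point after an incident. Snapshot manifests are modelled as constructed dictionaries of path to content digest; the function names, digests and the `.locked` suffix check are hypothetical.

```python
def make_increment(prev, cur):
    """Delta between two snapshot manifests (path -> content digest)."""
    upsert = {p: d for p, d in cur.items() if prev.get(p) != d}
    delete = sorted(p for p in prev if p not in cur)
    return {"upsert": upsert, "delete": delete}

def build_chain(snapshots):
    """Full copy of the first snapshot plus one increment per later snapshot."""
    base = dict(snapshots[0])
    incs = [make_increment(a, b) for a, b in zip(snapshots, snapshots[1:])]
    return base, incs

def restore_to(base, incs, point):
    """Rebuild the manifest at recovery point `point` (0 = base) by replaying increments."""
    state = dict(base)
    for inc in incs[:point]:
        for p in inc["delete"]:
            state.pop(p, None)
        state.update(inc["upsert"])
    return state

def last_clean_point(snapshots, is_suspicious):
    """Index of the newest snapshot with no path flagged by `is_suspicious`, else None."""
    for i in range(len(snapshots) - 1, -1, -1):
        if not any(is_suspicious(p) for p in snapshots[i]):
            return i
    return None

# Constructed manifests; the digests are placeholders, not real hashes.
S0 = {"/fin/ledger.db": "a1", "/fin/q1.xlsx": "b1"}
S1 = {"/fin/ledger.db": "a2", "/fin/q1.xlsx": "b1", "/fin/q2.xlsx": "c1"}
S2 = {"/fin/ledger.db.locked": "x1", "/fin/q1.xlsx.locked": "x2",
      "/fin/q2.xlsx.locked": "x3", "/fin/README_RESTORE.txt": "n1"}

if __name__ == "__main__":
    snaps = [S0, S1, S2]
    base, incs = build_chain(snaps)
    point = last_clean_point(snaps, lambda p: p.endswith(".locked"))
    print("restore to recovery point", point, "->", restore_to(base, incs, point))
```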

Develop business continuity strategies to protect against ransomware

Many financial services organizations are reviewing and revising their business continuity strategies due to the threat of ransomware. They are increasingly developing strategies based on the capabilities of a modern file data platform - such as leveraging a rich set of data services and APIs to implement a holistic defense strategy against all types of malware, including ransomware.

Simple file data management, granular data access and management event stream processing allow an organization's file data management platform to be integrated into its security architecture. Corrective security controls such as simple data moves to the cloud, integrated backups and snapshot replications to support secure and robust recovery strategies should be easy to adopt.

File system platforms such as Qumulo Core also provide significant day-to-day and operational benefits and allow financial services organizations to leverage cloud infrastructure for additional benefits and multiple layers of protection.