Ransomware attacks are not just limited to Encrypting data

Cyber security threats are taking new forms and expanding every day. Attackers are constantly collaborating and innovating to crack the most robust security architecture. Varonis Data Security Platform detects cyberthreats from both internal and external actors by analyzing data, account activity and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. TimesTech Media interacted with Mr. Maheswaran, Country Manager for South Asia at Varonis, to know more about the cybersecurity challenges and how one should be better prepared to handle them.

Read edited excerpts from the interview here:

TimesTech: “Varonis is fighting a different battle than conventional cyber security companies.” So, what is Varonis all about, and how is it fighting a different battle than the conventional cyber security company?

Maheswaran: So firstly, I’ll just give a quick overview of who we are as a company. So, Varonis is a 17-year-old company and we are leaders in data access governance, we are listed on NASDAQ, and we do approximately about 400 million in revenue. These numbers are reported and we also have close to about 8,000 plus customers across the globe. We are uniquely positioned to address customer challenges around data protection, threat detection and response. Mostly because we help customers to adopt the data-centric approach or a data-first approach. What we essentially mean by that and why we think it’s important is because with the change in the business landscape where data is moving really beyond organizations’ boundaries and assets users are accessing it from anywhere on any device and threats are also targeting data.

Varonis in a way that will help organizations to deploy a lot of controls and monitor activity around something that organizations have control over, which is users and data. And that’s why we think we are uniquely positioned and help customers in detecting a lot of complex threats like insider threats and advanced malware attacks and things like that.

TimesTech: Cybersecurity issues were there before Covid. But a lot of emphasis has started on cybersecurity after Covid. So why does that happen?

Maheswaran: I think cybersecurity was always having momentum even before 2020. There was a lot of emphasis on cyber security. Cyber security was becoming a boardroom issue and members were keen to understand the organization’s posture to defend against because cybersecurity risk is directly translating into business risk.

During Covid, the attack surface has expanded significantly and it also helped organizations to experiment and embrace a lot of things that they probably thought were not possible in their ecosystem.

So, that created a lot of interest in organizations and started thinking about how they defend against such attacks. CIOs also saw a huge benefit in operating at a minimized cost because of embracing these new modern avenues like digitization, work from anywhere, and work from any device. It also helps organizations to save a lot of money. Not immediately, the initial investment was there, but the operational cost in managing IT and security, they believe that it’s going to be reducing significantly and that accelerated organizations to also secure infrastructure while embracing these new IT demands.

TimesTech: What are the important things that the industry should know about ransomware? 

Maheswaran: So, firstly, in terms of ransomware trends, I want to highlight the top two trends that I think the industry should know. One, we have started seeing a lot of specialization. So, ransomware is not just done by one or two individuals. It’s done by an organized group and they started collaborating a lot. What I mean by that is the ransomware as a process, from creating ransomware, getting initial access, proliferating the ransomware into an organization, laterally moving into an organization, exfiltrating data, all these are now done by different teams. So, that is something that we need to be aware of as an industry and that’s going to make these attacks more successful than before. So, we have to be better prepared.

Secondly, we also have started seeing ransomware attackers are not content with encrypting data and just asking for a ransom from the organizations. They are also exfiltrating data because they know that the organizations have a stringent backup process and they’re able to retrieve backups. So, that’s the reason other than encrypting data, they are also now trying to exfiltrate data and threatening that if they don’t pay the ransom that the data is going to be exfiltrated. 

So, these two things are very important. So, ransomware was earlier more of data tampering than data exfiltration. But now ransomware attacks are also stealing a lot of data. So, organizations now have to find ways to enhance their data exfiltration controls in their architecture.

So, we think one of the most important things that organizations need to be aware of is the over-exposure of information. We call it Blast Radius. What we mean by that is if a user’s credentials get compromised, or if your user becomes rogue, what is the number of files or information that particular user has got access to, and does that user need access to that information or not?

TimesTech: If we air-gap backup data from operational data, is it a safe tactic against cyberattacks?

Maheswaran: One of the things that we normally see with some organizations when we perform assessments in backup, board members’ data or very senior positions’ data, and contract employees’ data get backed up to the same backup strategy. It goes into the same backup media and once it goes to the backup media it can be accessed by anybody and they don’t differentiate there. So, whatever I just said for data, in terms of monitoring access, limiting access, and monitoring usage also goes to backed up data.  

Yes, having a backup strategy and backing up data is important but if the access is not limited, for instance, if an admin has got access to all data that is backed up and if the admin credential gets compromised and there is a way that admin can access the backup data from the compromised network or device, then even the backup data is vulnerable and even that can be corrupted. 

TimesTech: What are the common ways and unusual ways through which the data is getting breached? 

Maheswaran: It all starts with the users doing something that they should not be doing or users not doing something that they should be doing. Most of the attacks are accidental data breaches that happen because of an accidental or intentional behavior of the user. So, I’ll divide the data breaches into three aspects. One is the Unintentional Ignorant Behaviors of users that cause data loss. The second is Unintentional Malicious Behavior, and what I mean by that is the user is not having any malicious intent but his machine could have been compromised or his credentials would have been compromised and that is with malicious intent, and that is stealing data. The third aspect is Intentionally Malicious User. So, a user might have resigned or the person might have gotten a lower appraisal, he might be disgruntled, or has got a motivation to make money by sharing data, whatever. So that’s a third behavior.

So, 60 to 70 percent of breaches that typically happen in an organization are because of Unintentional Ignorant Behavior. So, it’s very important to educate users about the organization’s policies. Check what sort of awareness campaigns are in place to educate employees.

The second thing is in Unintentional Malicious Behavior, that’s where organizations need to look at deploying a lot of controls to defend against malware coming in, educate users about phishing attacks, prevent phishing attacks, check whether the data is there in the dark web. It’s also very important to have controls around data and users. So, whenever any abnormal activity happens because even though the hacker has users’ credentials, he or she cannot mimic the exact user behavior in getting access to networks, or getting access to data. So, it’s important to understand that, monitor usage patterns and block them. 

The last one is intentional, which will be less than 5% for most organizations, the always intentional malicious user. So, it’s very important for organizations to monitor user behavior around data and network access, and identify high-risk users which could be the senior leadership, their secretaries, administrators, or privileged users because normally these privileged users will have a lot of access given and at the same time mostly their assets will be least controlled. They’re not monitored a lot. So, it’s important for organizations to also put them on a watch list, have constant monitoring of their behaviors and whenever there is an anomaly detected, contain it.

This is also needed now because CERT-IN has come out with this mandate to report breaches in six hours. So, organizations have to enhance their software framework and check what are the gaps that exist in their detection and response control. 

TimesTech: How do you look at the future of the cybersecurity market and the plans of Varonis moving forward?

Maheswaran: Threats are always going to remain and it’s going to get more advanced and more complex.

At Varonis, our core focus is going to be remaining around these three segments: data protection, threat detection and response, and privacy and compliance. Obviously for us to stay ahead of the game, like, the way we did, it’s important for us to innovate. So, we have a lot of plans to stay ahead in the game and come up with innovative measures and controls to help organizations to automate a lot in detecting threats, understanding what data is important and containing those data and ensuring that there is the least access privilege around it. We’re going to help organizations automate a lot of this because we understand cybersecurity skill is a big issue and there’s a big gap.