Raising Ransomware Resistance

In this Tech Barometer podcast, explore how data management and security innovations are bringing resilience to escalating threats of data destruction and exfiltration.

Find more enterprise cloud news, features stories and profiles at The Forecast.

Transcript:

John Dodds: Data governance and regulatory frameworks are creating the impetus to involve ransomware. It’s like creating the external factor.

Tuhina Goel: Today it has really evolved into pure data destruction, data exfiltration. So that’s one major difference we’ve seen in the last couple of years.

Jason Lopez: On this edition of Tech Barometer, ransomware. The latest trends and developments from two people behind the scenes working on technologies to keep data protected.

John Dodds: Every new cool technology comes out and solves an amazing problem immediately makes security more difficult because it’s new.

Jason Lopez: In 2023, the costs of cybersecurity and the payouts to ransomware criminal organizations rose to unprecedented levels. Businesses lost over a billion dollars in payouts. Hospitals, school systems, public utilities have been prime targets.

John Dodds: How can we go from detecting as fast as possible to closing the risk holes before they even become exploitable? That’s where AI is going to be a big deal because we have the power at the edge now to make it a reality.

John Dodds: The privacy thing has really created a big problem because it’s not just a matter of, oh, I can ignore the ransom and maybe I had good backup hygiene and things like that.

Jason Lopez: John Dodds is a cybersecurity expert who’s part of the product management team at Nutanix. In the interview we did with him, he cited multiple factors which explain the rise of ransomware.

John Dodds: The data itself creates a problem because with all the different privacy regulations and data sovereignty rules and regulatory frameworks, it started with GDPR, moved into California Consumer Privacy Act. And now we have regulations in the European Union like DORA. All of these regulations are putting an emphasis on the data custodian’s responsibility to protect that data. Everyone knows that these companies could be held liable.

Jason Lopez: One kind of organization is especially vulnerable... health care companies. And they are increasingly vulnerable when hackers don’t just lock down data but steal it.

John Dodds: That information is so sensitive and so protected. When they get attacked and there’s any chance of exfiltration, they almost have to pay the ransom in some cases because penalties for violating HIPAA and violating all these other things, not just monetary, but also the human damage is getting very, very, very severe.

Jason Lopez: Many organizations are legally responsible for keeping the data on their platforms secure. But this exists, he says, within a compute environment that gives hackers numerous entryways. Dodds points out that, as users, we have more data freedom than ever before.

John Dodds: We have hybrid workforces coming in and VPN aggregators. We have people allowed to access corporate data on mobile devices like iPhones and Android devices. Security teams 20 years ago would have never have let that unrestricted, multidimensional access happen on corporate data that was considered sensitive. The reason why we have this power and flexibility of the modern hybrid workforce and the hybrid cloud environments out there is because these technologies have gotten much more seamless and much better.

Jason Lopez: In the past many organizations might ignore a ransomware attack. But lately, more are paying the ransom. When you add up all the variables from sensitive information, data freedom and liability, the world which organizations operate in has become far more complicated.

John Dodds: Complicated is the right word. The ransomware attacks aren’t going to stop, but how we react to them is continuously complicated by everything that’s going on in the data governance world at the same time.

Jason Lopez: In this simple hypothetical, Dodds illustrates how, along with threats from hackers, IT departments have to deal with regulators.

John Dodds: There’s one thing that I could say that could probably scare you. Do you process credit card data? If we were in a legal case and someone comes up and says, show me every single file that this person touched because I need to know if they had access to insider data or something like that, we were finding a lot of IT administrators sitti...