The recent Colonial Pipeline ransomware disruption highlights the fact that it’s not likely a question of “if” your organization will become a victim of ransomware, but “when.”

Why are enterprises and their IT departments good targets for so-called ransomware specialists? IT holds a company’s most sensitive, lucrative information and can be the most accessible. Targeting those parts of a company where victims’ most sensitive and critical data is stored and the users have elevated permissions might enable the extortion of potentially huge sums of money.

Also, conventional ransomware campaigns that target individual PCs often deny access to arbitrary files that are not necessarily important to the victims. As a result, in many cases the victims will not pay the ransom. With enterprises, chances are that victims will succumb to the ransom request, because the stakes are too high.

Financially motivated professional cybercriminals operate most successfully as independent renegades and are constantly looking for new targets. Hackers like those behind the recent Colonial Pipeline ransomware disruption are fully capable of conducting ransomware attacks on individual IT groups. In that case, the victim forked over $5 million. Still, a cyber-crime typically costs a U.S. company $15.4 million when downtime is figured into the mix. That’s where collaboration with a data center fits in.

Layer on top of that the fact that more enterprises are shifting to the cloud, or to the hybrid cloud, or even in and out of the cloud. With that shifting landscape, ransomware will continue to become a challenge to the concept of the secure cloud.

When enterprises rely more and more on outsourced cloud and colocation platforms for infrastructure, it’s also important to assess what capabilities those providers have to provide ransomware protection and recovery. Good news, though: organizations are doing a better job at patching security breaches, especially those aided by data center security and technology.

Innovation Begets the Need for More Security

While security technology proliferates and customers require more advanced IT functionality to support capabilities like big data analytics, hyper connectivity, IoT convergence and automation, implementation and deployment of effective security architectures to prevent a successful ransomware attack are surprisingly rare. This creates complexity, increases risk, and drives up costs. Take, for example, the widespread move to the cloud. While connecting branch offices directly to the internet greatly improves agility and reduces costs, it also significantly increases security risks. The sheer scale of growth in the area of IoT presents its own significant risks when managing policy.

Just as important, handling these kinds of breaches creates downtime for the small or medium-sized business or enterprise. That downtime gets costly: roughly $427 per minute for small businesses and $9,000 per minute for larger enterprises.

The damage from downtime is not limited to direct revenue loss. Business disruption also includes reputational damage and customer churn, as well as lost end-user productivity. In addition, there is the drain on the IT department and on marketing, social media and customer service staff, as well as legal department involvement in any settlements or claims.

A Holistic Approach Can Save the Day

The good news, however, is that data center partners have experience across hundreds of clients and have thwarted a multitude of security breach instances that, all in all, better prepare them to help identify and avert ransomware issues. There are some promising signals. The security tools that block common malware are making a dent in that category. Trojan-type malware that peaked at just under 50 percent of all breaches last year has since dropped to 6.5 percent. Ransomware numbers can trend down similarly, especially when an enterprise works with a data center partner.

Data center providers that provide a dedicated chief information security officer (CISO), a security and compliance team, and well-established managed security platforms and techniques can provide added layers of protection against ransomware with services like file integrity monitoring and configuration scanning that can detect latent threats before they can be exploited. The data center CISO, often working in tandem with an organization’s IT leaders, can help establish the best mix of in-sourced and out-sourced management and tools especially when combined with a best-practices governance model.

The overall solution combines effective prevention technology, a unified security policy, and an operational model that is realistic to implement within reasonable staffing and budget levels.

Since there is no silver bullet against ransomware attacks, the best practice for your organization and IT environment is a multi-layered, defense-in-depth strategy, often working with a data center partner, to mitigate and remediate these malicious ransomware attacks.

The bottom line: Enterprises are sharpening their technological tools against such breaches but are also barely keeping pace with the new levels of complexity and sophistication that these new kinds of ransomware afford almost every industry and enterprise. Protection of the enterprise demands a holistic approach that evaluates security tactics, compelling an architected approach that prevents attacks before they happen – and just as important – saves money and downtime.


Mark Houpt

DataBank CISO Mark Houpt brings more than 25 years of extensive information security and information technology experience in a wide range of industries and institutions. Houpt holds a master’s degree in information security and assurance, as well as numerous security and technical certifications. Houpt is a member of several leading national and international security organizations and leads DataBank's information security and compliance initiatives.
