The Storage Manager’s Quick-Guide to Ransomware Resiliency

Part 1: Why Storage Managers Need to Prepare for the Ransomware Scourge

Certain parts of the enterprise are more concerned about ransomware than others. The security, networking, and help desk teams are very much in tune with the threat that ransomware poses on a daily basis.

Storage managers, however, don’t tend to pay as much attention based on the belief that their systems lie at the backend and don’t pose the same level of risk as other layers of IT. Research from Continuity, however, makes it clear that this is not the case. Any enterprise storage device has 15 vulnerabilities / security misconfigurations on average. 3 can be considered high or critical risk. Therefore, it is vitally important that storage managers understand the magnitude of the ransomware menace and what they need to do about it.

Let’s begin with a few facts about ransomware. An Enterprise Strategy Group (ESG) study found that cybersecurity has replaced cloud and artificial intelligence (AI) as the top area for IT spending. With almost two-thirds of organizations intending to increase IT spending this year, 69% said they are spending more on security this year compared to last. Only 2% said they will pay less for cybersecurity in 2022 compared to 2021.

According to the study, 54% of respondents said the main driver of technology spending was the achievement of stronger cybersecurity and improved resiliency against cyberattacks. Why?

ESG discovered that 48% had been the victim of at least one successful ransomware attack. Two thirds of those attacked had paid a ransom to recover access to their data, applications, and systems.

Despite all the attention given to digital transformation, the transition to the cloud, and the need to deploy analytics and AI to extract real-time insights from organizational data, 22% of businesses named ransomware protection as their top business priority. Another 46% named it among their top five priorities.

These finding are corroborated by another research study by Arcserve and Dimension Research. It found that 50% of organizations worldwide had been targeted by ransomware. These attacks are continuing at a high frequency, yet most organizations are unprepared.

The financial fallout can be staggering. 20% of organizations reported that their organizations were asked to pay $1 million to $10 million. Another 35% faced demands of more than $100,000. Understandably, they are responding with higher investment in better security tools, managed security services, improved backup/DR, and training for personnel. 64% are spending more to upgrade existing security software and add new security applications.

False Sense of Security

These increases in cybersecurity investment are important. However, those numbers might lure storage managers into a false sense of security.

Historically, storage has been viewed as a discrete unit within IT infrastructure. The old silos between networking, security applications, development, compute, and storage may be diminishing, yet storage largely remains a separate unit, particularly in larger organizations or those managing a lot of data.

Added to that is the burden of responsibility that falls upon the shoulders of storage managers. It is heavier than ever. In modern IT, they are required to manage mountains of data with far fewer personnel than in the past. These two factors can sometimes make security and storage worlds apart. That needs to change.

Take the case of the many vulnerability scanning, configuration management, and patch management tools that currently exist. Yes, they are great at inventorying and scanning networks, systems, operating systems (OSes) and enterprise applications. But they do don’t do a thorough job on storage. Shockingly, they often miss security misconfigurations and CVEs (Common Vulnerability and Exposures) on storage systems.

Yet some storage managers continue to believe they are immune to ransomware and that systems from the likes of Dell EMC, NetApp, Pure Storage, and HPE are out of the reach of cybercriminals. Nothing could be further from the truth. Hackers are notorious for finding ways to obtain administrative privileges. Once they possess them, they can easily find their way into storage systems and wreak havoc.

The fact is that hundreds of active security misconfigurations and CVEs currently exist in various storage systems.

Yet some storage managers are unaware of them. Our research shows that on average, about 20% of storage devices are currently exposed. That means they can be attacked successfully by ransomware.

Continuity’s StorageGuard finds those security risks that other tools miss. Developed specifically for storage and backup systems, its automated risk detection engines check for thousands of possible security misconfigurations and vulnerabilities at the storage system and backup system level that might pose a security threat to enterprises data. It analyzes block, object, and IP storage systems, SAN/NAS, storage management servers, storage appliances, virtual SAN, storage networking switches, data protection appliances, storage virtualization systems, and backup devices.

Click here to read Part 2 of this article, where I cover the key factors storage managers need to address to achieve ransomware resilience.

In Part 2 of this article (published at the end of September), I cover the key factors storage managers need to address to achieve ransomware resilience.