Ransomware + Unstructured Data = Double Trouble

Unstructured data, growing exponentially, is the main vector of attack to plant ransomware in your infrastructure.   Protecting remote access to unstructured data via zero trust based security is more important than ever.

Ransomware + Unstructured Data = Double Trouble

Estimated reading time: 4 minutes

The meteoric rise of unstructured data

The meteoric rise of unstructured data within organizations is creating headaches for IT departments on two fronts.  First, there is the challenge of how best to harness this glut of content and secondly and far more importantly, how best to avoid becoming yet another victim of a ransomware attack.

That the two are inexplicably linked was evident in a study released last year that revealed “unchecked data growth, combined with a lack of visibility, is increasing the risk of breaches, ransomware and compliance violations dramatically. More than half of companies (52 percent) use more than 10 sanctioned file storage repositories, and 40 percent report unsanctioned cloud storage in use across the organization, as well as rampant use of informal repositories like email, Slack, and DocuSign.”

Key findings revealed that:

  • Remote work remains a reality: 88 percent said employees will work remotely at least some of the time throughout 2022.
  • Content sprawl is creating more risk: 100 percent of IT leaders say data is stored in informal repositories like email, collaboration portals, and local devices. They also rate these among the hardest to secure.
  • Ransomware is in the spotlight: Ransomware is now the top security concern for larger companies (1,000+ employees). 25 percent of all IT leaders say this is their biggest worry.

Ransomware attacks digital transformation’s dark side

Data meanwhile, a survey from research firm IDC found that upwards of one-third of organizations around the globe have experienced a ransomware attack. The manufacturing and finance sectors reported the highest incidents rates, while the transportation, communication and utilities/media industries reported the lowest rates.

Of note, is that only 13 percent of organizations who were attacked ended up not paying any type of ransom.

“Ransomware has become the enemy of the day.  The threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street,” said Frank Dickson, program vice president of cybersecurity products at IDC.

“As the greed of cyber miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data and leveraging multifaceted extortion. Welcome to digital transformation’s dark side.”

The issue here is that neither unstructured data which is growing in leaps and bounds, nor the cybercriminal is going to go away any time soon. According to cybersecurity expert, Ed Dubrovsky, CISSP, OSCP, “Ransomware has reached what can only be described as digital pandemic levels not seen before and with an extreme focus on unstructured data”.

Organizations must implement ways to protect unstructured data

In order to avoid ransomware attacks and others such as the incident in November when a rogue employee with Pfizer was successfully able to upload over 12,000 files that included confidential company documents, organizations must implement ways to protect remote access to unstructured data.

They have no choice as remote work is the new norm. Today, your data is everywhere – in the cloud, on-premise, via Microsoft SharePoint and accessible through NAS storage devices. With these changes, security, productivity, and remote data access are important challenges for IT.

This is where FileFlex Enterprise, the world’s first Zero Trust Data (ZTDA) access platform for remote data access and sharing comes in.

Adopted by the U.S. Department of Defense, Zero Trust is the new cybersecurity benchmark. With Fileflex Enterprise ZTDA you can securely access and share all the unstructured data located in a multi-cloud, multi-domain hybrid IT infrastructure without a VPN.

In this day and age, every organization regardless of its size has enormous amounts of unstructured data in existence both on-premise and remotely, but as an example of what this application is capable of doing, let’s focus on a Fortune 1000 company.

Your data is everywhere and FileFlex Enterprise lays a “zero trust data blanket of security”

Knowing that the data is everywhere, FileFlex Enterprise lays what I like to call a “blanket of security,” in the sense that remote access to all unstructured data is encrypted and secure, no matter who is accessing it. That includes a remote worker in HR downloading a spreadsheet or an outside contractor with log-in privileges.

Through it, nothing moves, nothing is synced or ever duplicated in the cloud and in terms of unstructured data, it is pure zero trust at its best for unlike a VPN, it provides micro-segmented user access to data, not access to the infrastructure.

In addition, aside from being able to scale to thousands of employees in less than a day across a global hybrid IT infrastructure, all unstructured data remains in source locations. It is not moved, synchronized or copied to a secondary location or third party and when remotely accessed, it is end-to-end encrypted.

Protect your most valuable asset – unstructured corporate data

Security features meanwhile, include multi-factor authentication, device authentication, AES-256 hybrid point-to-point double encryption and full real-time audit and event logging to track activity down to the file level. And it integrates into your security incident event management software.

AES-256 is the first publicly accessible and open cipher approved by the United States National Security Agency (NSA) for top-secret information. It remains today the only algorithm listed by the National Institute of Standards and Technology (NIST) for protecting classified data.

In closing, the FileFlex Enterprise platform provides secure ZTDA based remote data access and sharing across a hybrid-IT infrastructure to protect remote access what is no doubt an organization’s most valuable asset – its unstructured corporate data.  To learn more, check out our web page that details our zero trust based security or go to our virtual learning center.

Mr. DeCristofaro is CEO of Qnext Corp. with over thirty years of computer industry experience and multiple M&A transactions. A highly successful entrepreneur, he has started, developed and either merged or sold several technology companies including MGI Software which was Intel invested.