​Evolving Data Security in the Age of Ransomware

With ransomware on the rampage worldwide, data security has never been more important.

Protecting your valuable data – whether it’s crucial business information or precious family photos – from cyber criminals who want to encrypt it and force you to pay a ransom to get it back has become a paramount concern for IT professionals and home users alike.

But malware is just one of the many things that data security has to contend with. There are also computer viruses, hackers, insider threats and data loss due to hardware failure, natural disaster or user error.

Let’s take a broader look at data security, its history and the steps you can take to safeguard your digital information.

Centuries ago, data security amounted to closing a scroll with a wax seal so the recipient knew the message hadn’t been read by the couriers delivering it. In modern times it has meant keeping ledgers and paper documents stored in safes or locking file cabinets. But since the tech boom of the 1960s, data security has become synonymous with IT. Today it means ensuring that computer data is only available to those who are authorized to access it. So here’s the formal definition of data security today: the protection of data and systems from unauthorized access, disclosure, modification, destruction or disruption. It is generally understood to cover three components:

• Confidentiality – Ensuring that only those authorized to access data are able to do so.
• Integrity – Ensuring that information and systems are accurate, complete and uncorrupted.
• Availability – Ensuring timely and reliable access to data and systems.

Always a challenge, data security has become significantly more difficult since the advent of the internet, which has changed how people access and consume data. The World Wide Web is just that – a giant global network with billions of interconnected machines and devices. Throw in the rise of social media, cloud computing, and shared IT environments, and it’s clear data security has entered a whole new world. And the cost of not complying with data security standards has skyrocketed due to new government regulations that mandate strict record keeping. In the United States alone, these include the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act, the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm Leach Bliley Act (GLBA).

Actually, this should be called big moments in data vulnerability. But here’s a look at how the data security breach has evolved over the years.  

• 1979 – Xerox creates the first computer worm. Its intent is to make computers more efficient, but the technique is later co-opted by hackers with nefarious aims.
• 1983 – The movie “WarGames” becomes a box office smash. It stars Matthew Broderick as a young hacker who brings the world to the brink of nuclear war and earns three Academy Award nominations.
• 1986 – The first computer virus, “the Brain,” is created, though not for malicious purposes.
• 1988 – A worm strikes the United States’ ARPANET system, a precursor to the internet, and disables 6,000 computers by replicating itself. The creator, Robert Morris, is sentenced to three years of probation and ordered to pay a $10,000 fine.
• 1999 – Two teenage hackers from California take control of more than 500 government, military and private computing systems.
• 2001 – The Code Red worm infects Microsoft software, with all of the infected computers attempting to attack the White House website simultaneously. The attack is thwarted, but still causes $2 billion in damages.
• 2006 – The Nyxem virus infects up to 1 million computers, overwriting files on the third of each month. Nyxem is spread by email attachments and targets common file types like Microsoft Word documents and PDFs.  
• 2009 – A sophisticated virus called Conficker steals financial data and passwords from millions of infected computers.
• 2013 – Hackers hit giant retailer Target and steal the personal data of 70 million customers.
• 2014 – Russian hackers steal more than 1.2 billion user names and passwords and half a million email addresses. 
• 2017 – Two high-profile ransomware attacks strike just a few weeks apart, infecting more than a quarter million machines worldwide and causing major disruptions to individuals, global corporations, and government agencies.

As you can see, the bad actors are constantly developing new ways to get at your data. And this list just scratches the surface. It doesn’t even take into account actions like theft of intellectual property or cyber terrorism conducted by nation states and their surrogates.

So how do you keep your digital information safe? While not especially difficult, it does take dedication and commitment. And if you take shortcuts, you’re likely to pay the price with a security breach of your own.   Here are some steps you should take to safeguard your data.  

• Use strong passwords or passphrases
• Use different passwords for different accounts
• Lock your computer when leaving it unattended
• Don’t store confidential information on mobile devices, USB drives, CDs etc.
• Don’t use personal email for business communications
• Keep your operating system updated
• Enable automatic software updates when available
• Use strong, reliable antivirus software
• Do not automatically connect to public wireless networks
• Disconnect your computer from the wireless network when not in use
• Use caution when downloading and installing software
• Don’t open email attachments from an unknown source
• Avoid clicking on links in an email from an untrusted source
• Don’t send confidential information via email or text 

Taken together, these steps will go a long way to keeping your data safe. But there’s one more key component to robust data security: a comprehensive backup solution.

Simply put, a detailed backup strategy serves as an insurance policy if your data is ever lost or damaged due to hardware/software failure, hackers, ransomware, natural disaster or user error – or any other scenario you can conjure.  Don’t think it won’t happen. Data loss hits everyone at some point. The median lifespan of a hard drive is only six years, and one in 20 die within the first year. More than 30 percent of PC users have lost all of their files due to events beyond their control. So it’s not a question of if you’ll fall victim to data loss, but when. So reliable backup software is vital to keeping your information secure. Ultimately the best backup solutions – such as Acronis Backup 12.5 for businesses and Acronis True Image 2020 for home users – are comprehensive but easy to use. You want to be able to back up everything you need to without a lot of heavy lifting. If your backup is too complicated or requires a lot of hands-on effort, it becomes a chore – and then your commitment to it is likely to waver, leaving your data vulnerable.

One of the side benefits of a robust backup regimen is that it serves as the ultimate protection against ransomware. With regular backups that are secured in the cloud, ransomware becomes little more than a nuisance. If a business is hit by an attack, it has little to worry about because it has safe, secure copies of any files that might have been encrypted. “Individuals or businesses that regularly back up their files on an external server or device can scrub their hard drive to remove the ransomware and restore their files from backup,” Peter Kadzik, assistant U.S. Attorney General, wrote in a letter to Congress in 2016. “If all individuals and businesses backed up their files, ransomware that relies on encrypting user files would not be as profitable a business for cyber criminal actors.” But Acronis’ leading-edge technology goes even further in the fight against ransomware. Our groundbreaking Acronis Active Protection is the only backup technology that uses artificial intelligence to actively fight back against ransomware. Acronis Active Protection uses sophisticated analysis and machine learning to monitor a system. If it spots any errant behavior or suspicious processes, it immediately stops the activity and blacklists the program responsible for it, ensuring that it can’t restart on the next reboot. If ransomware somehow does manage to sneak through and start encrypting files, Acronis Active Protection will quickly detect the data encryption that’s going on and halt it – automatically restoring the files to the most recently backed up version. How effective is Acronis’ solution? It’s stopped 15,000 ransomware attacks for 10,000 customers since it was first launched in 2017. And in testing by an independent lab, Acronis Active Protection significantly outperformed 22 anti-virus solutions in recognizing and blocking ransomware. That’s because many strains of ransomware are zero-day exploits that are unknown to traditional signature-based anti-virus software. Because Acronis Active Protection uses artificial intelligence to look for erratic processes and behaviors, it’s able to quickly spot ransomware’s destructive fingerprints and put a stop to it before the damage is done – even with a zero-day attack. And remember that third pillar of data security – data integrity? Acronis has you covered there as well with Acronis Notary, which creates a one-of-a-kind “fingerprint” for your data and uses Blockchain technology to verify its integrity or show a legal chain of custody. It can be used for legal documents, medical records, contracts or even chain-of-custody purposes for evidence in criminal proceedings.

IT is entering the age of ransomware, and data security has never been more important. Protecting data from unauthorized access, preventing it from being corrupted and ensuring it’s always available to legitimate users is a top priority for companies and home users alike. A key part of data security is a strong backup solution like Acronis Cyber Backup or Acronis True Image, which not only protect from data loss but go the extra mile to stop ransomware before it can wreak havoc.