Ransomware is one of the most widespread threats that an organization faces with regard to business continuity, especially in modern times. While many organizations are spending a lot of time and resources on securing individual devices, protecting shared drives could potentially be a greater security threat. When an individual is compromised by a phishing email or infected application, the malware does not stay on that individual’s device; instead, it quickly gets to work, scanning the network for other shared drives, encrypting critical business information in a matter of minutes.
The centralization of information is a key element that enables collaboration, but at the same time, it also makes the shared drive a prime target for cyber criminals. To protect the shared drive, a solution that is a bit more sophisticated than a traditional antivirus program must be employed.
The Vulnerability of Connected Collaboration
The shared drive is undoubtedly the backbone of business efficiency in modern times. Whether an organization decides to go with an in-house server or a cloud-based storage system, the shared drive enables teams to collaborate on documents in real-time, allowing them to work seamlessly with one another, and instantly access historical documents at a moment’s notice should the need arise. It is because of this interconnectedness, however, that ransomware attackers are taking advantage of.
When an attacker compromises an individual’s workstation, he or she instantly inherits that individual’s rights on the network. If that individual has read/write access to all of the financial documents within an organization, then the attacker also does. This means that what was initially a minor nuisance on an individual’s workstation instantly becomes an uncontrollable catastrophe that paralyzes an entire organization. The rate at which modern ransomware strains are able to encrypt thousands of documents in a matter of minutes means that by the time an organization even realizes something is amiss, the damage is already done.
Implementing the Principle of Least Privilege
The best way to reduce the blast radius of an attack is to implement the Principle of Least Privilege, or PoLP, as strictly as possible. The Principle of Least Privilege is a security principle that states that users should be given access levels that are necessary to do their job functions, no more, no less.
Permissions are often too liberal, allowing users to see everything within an organization. For example, an intern in the marketing department does not need write access to the legal department’s contracts, but permissions are often given in such a way that users do just that.
The point is, system administrators need to implement permissions much more strictly, creating digital bulkheads that prevent users from seeing or accessing data outside of what they need to do their job functions. For example, users should be given “read-only” access to files that do not need to be written to, limiting the blast radius of an attack should an attacker compromise the user’s account. If an attacker compromises a user’s account, the ransomware cannot encrypt files that the user does not have write access to, essentially halting the spread of the attack.
Safeguarding Data with Immutable Snapshots
While this helps prevent attackers from carrying out any malicious activities, sophisticated attackers will always find a way to get around security. The latest generation of ransomware attacks is a good example. The answer, of course, lies in implementing immutable snapshots of your data.
Simply put, immutable snapshots of your data are point-in-time copies of your data that cannot be changed or deleted by anyone, including the administrator, for a specific period of time. If your data gets encrypted by the attackers using the latest generation of ransomware, you will always have the option to go back to one of the snapshots of your data taken before the attackers encrypted your data.
With the advent of cloud technology, this has now become easier to implement. The Google Drive ransomware protection tool has several features that enable version history or snapshots. If your files get encrypted and synced to the cloud, you will have the option to revert your files back to their previous state before they were encrypted.
Building a Resilient Data Strategy
To protect shared drives, it is not just a one-time task but an ongoing process that involves auditing the current state of the shared drives and updating the security protocols accordingly. By realizing the risks involved in network collaboration and using the latest data restoration technology like immutable snapshots of your data, businesses can turn their shared drives from weakness to strength.
