Ransomware and the Data Security Dilemma

The idea that hackers implementing ransomware-based attacks are stereotypical cyber ‘script-kiddies’ is gone. One only has to look at the rapidly rising recent numbers instilling fear across global enterprises- last year, 37 percent of all businesses and organizations were hit by ransomware with an average of $1.85 million in total recovery costs.

This is proof that ransomware is a money-making business model that sophisticated actors are leveraging to their benefit. This business strategy has already been institutionalized in the form of ‘Ransomware as a service (RaaS)’, a subscription-based model that allows affiliates to use already-developed ransomware tools to execute ransomware attacks. With the official institutionalization of such a devastating cybersecurity phenomenon, businesses need to focus on its core.

Data is your most valuable asset

For businesses to make real changes in their cybersecurity models, the idea that ransomware is solely a malware issue must go. The core motivation of ransomware comes down to access and security of a business’s most valuable asset – its data. Financial services, healthcare, and government institutions dealing with highly sensitive data and personally identifiable information (PII) are unsurprisingly top targets. In the second half of 2022, financial services saw a staggering 243% spike in ransomware, and as for the healthcare sector, one only has to look at the ransomware attack suffered by the NHS back in August.

Inherently, global organizations that fear ransomware are threatened by data encryption software being exploited by malicious actors. The data encryption and security aspect of ransomware defences is a necessity, especially seeing that even if a business hit with ransomware pays the ransom, on average, only 65% of the encrypted data is restored.

The value of data is clearly the main motivator, and as more and more data piles into our digital ecosystems, organizations need to act fast to take back control over data accessibility and security.

Designing data security

Businesses must acquire a security measure with capabilities that protect all sensitive data throughout its lifecycle for the continuation of optimal business operations, which forms 97% of driving new opportunities. Most security breaches that open the door for malicious actors to implement ransomware are consequences of poorly configured access controls traced back to data in use, which traditionally lacks protection. Right now, data privacy controls and security primarily focus on data at rest and in transit – an obvious and persistent weakness in most organizations’ best data security practices.

A variety of tools can be used to encrypt valuable data using advanced encryption methods. However, all these security measures are removed when data is processed, and hackers can still get in at either end of transmission. In other words, conventional encryption methods are limited to securing and encrypting data before and after transit. They may still also require low-level coding expertise that many businesses may struggle to implement in the first place due to high costs and ongoing skills shortages.

If organizations are to start their journeys towards beating ransomware, they need to target their efforts on protecting data-in-use.

A new data security design

Many privacy-enhancing technologies (PETs) can beat ransomware via enhanced encryption of data to provide advanced backup defenses. However, they are still lagging. PETs such as zero-knowledge proofs (ZKP), cryptographic multi-party computation (MPC), and homomorphic encryption (HE) are rooted at the software level with advanced math and cryptography. This means implementation is the first hurdle in harnessing their potential, considering they require expert cryptographic knowledge that requires a lot of highly skilled effort and time. With ransomware, where time is the enemy, as well as the bad actors themselves, businesses are desperate for solutions now- solutions that need extensive time and staffing are not ideal.

Not only this, but many PETs also still struggle to offer complete data security while being processed – the most vulnerable point in any given data lifecycle. Businesses will want to continue making the most of their data while still limiting unwanted access. This presents a dilemma – most businesses still don’t know how to take back control over their data security beyond just encrypting it in transit and at rest. Leaders need to look at ways they can secure organizational data during processing.

Thankfully, there is one PET that could be the answer - confidential computing. This emerging technology provides data-in-use encryption so nobody (not even the owner of the computer) can view or access full data sets throughout the data lifecycle. This limits the attack surface for breaches and reduces ransomware potential.

Confidential computing offers this critical solution by enabling the creation of trusted execution environments (TEEs) that provide the necessary isolation of your sensitive data while it’s being processed, when it is most vulnerable. Rooted at the hardware level, harnessing Intel’s Security Guard Extensions (SGX), confidential computing decrypts data and operates on it within the protected confines of this trusted hardware. It then encrypts results before they are sent to be stored in memory, meaning data is never exposed and is always self-secured. Furthermore, its main remote attestation feature, a process that provides confidence to a user they are talking to a genuine TEE, before sharing data, will instil confidence in knowing when it is safe or unsafe to share data. This means business operations can continue without a fear of any breaches that could open an attack surface for bad actors to exploit.

Coming first in the ransomware race

The final hurdle to beat ransomware with a data access and security approach is the ease of its implementation. As aforementioned, although many PETs could provide a critical solution, implementing them to reach their full potential, and fast, is a final obstacle. Like other PET solutions, enabling full capabilities of confidential computing still usually requires specialized knowledge to use it effectively.

Essentially, we need solutions that harness the power of these critical solutions but making it easy for developers to build. Realizing this hurdle, Conclave has focussed on making its confidential computing solutions as accessible and easy-to-use as possible. With Conclave, developers without extensive knowledge in cryptography can use the power of PETs by coding in easy-to-use high-level languages like Java & Kotlin. This enhanced ease of accessibility, generating the required rapidity of data security solution implementation, could be the critical cog businesses need when it’s a race against time against those looking to wreak ransomware havoc.

Want to learn more on upgrading your data security? Reach out here.