Data Risk Challenge: Ransomware Attack Versus Human Error

Every business leader hopes that neither a ransomware attack nor accidental data loss through human error will happen to their organisation. In reality, both present a significant threat to data integrity and business continuity. However, whilst the risks of cyberattacks are taken more seriously, the same care and attention that’s spent defending against ransomware is rarely lavished on barriers to protect against human error and unintentional data loss.

Where is the biggest risk?

According to the Veritas 2020 Ransomware Resiliency Research, enterprises surveyed have been the victim of 4.5 ransomware attacks. The risk is real and growing. In fact, cyberattacks have increased in frequency by nearly 50% during the third quarter of 2020. Attacks are getting more sophisticated as organised criminals zone in on high-value data from targeted organisations. Hackers are finding new ways to exert pressure on their victims to pay by bringing whole IT systems to a halt or stealing sensitive data and threatening to publish it online. As a result, 43% of attacked businesses have avoided paying a ransom to these criminal hackers.

Against this backdrop, anyone could be forgiven for thinking that these criminals were the biggest threat to business data. However, human error remains a far more common cause of data loss, and it is growing. According to an analysis of their data, 90% of all breaches reported to the UK Information Commissioners Office (ICO) during 2019 resulted from mistakes made by users; up from 61% and 87% over the previous two years.

Human error is becoming a more distributed challenge for organisations. Even if businesses train their entire workforce to exceptional standards, they’re probably only reaching a fraction of the people who could put their data at risk. Business partners, contractors, third parties, and all manner of workers in the supply chain can impact data integrity.

So, even with the rapid growth and greedy expansion of ransomware attacks, hackers still have a long way to go before having a broader impact on business data over human error.

What can we learn from the ransomware approach?

Whilst the motivation and circumstances behind these two types of data loss couldn’t be more different, the solutions have a lot in common. Here are five key lessons learnt from protecting against ransomware attacks that can be applied to prevent human error data loss:

1. Act as if a breach is inevitable
   Organisations have realised that trying to protect the network perimeter against an incoming ransomware attack is like trying to plug holes in a dam; ultimately, something will leak through. Planning for a worst-case scenario and being prepared to respond is necessary.
2. Avoid a single point of failure
   If you only have one copy of your data and it’s hit by ransomware, your options for getting it back are limited. The same is true if a unique piece of data is deleted or overwritten. Your chances of restoring the information are increased if you have multiple backup copies. To support best practices, two copies are better than one, and three copies, where one is offline and immutable is optimal.
3. Monitor your data
   Data monitoring is essential, so that an organisation can recognise any material changes to files, can help spot a ransomware attack and act immediately. Monitoring data can also help to identify if files have been accidentally removed. In the immediate aftermath of an accident, there are ways to reverse its impact. Spotting changes quickly will give you an advantage.
4. Employee education, communication, and trust are key
   Sophisticated phishing schemes mean that employees are often the gateway to a ransomware attack. As a result, many organisations offer training on how to respond, encouraging team members to instantly communicate if they think they’ve been the cause of a breach, and to trust that they won’t be blamed for it. The same approach is not often extended for data loss accidents but would help organisations identify challenges, monitor risk, and act.
5. Protected data is as vulnerable as any other
   If left unchecked, ransomware can quickly move from primary data to its backups. Similarly, errors made in primary data stores will soon be reflected in the backup. It is crucial to have the right policies and technologies in place to ensure the correct backup data is there when needed.
   

So, what will knockout your data centre? A ransomware attack or human error? The reality of the situation is that both are coming for your business data and will hit at some point. The law of averages says that human error will occur most often. Still, ransomware will also get there in the end, and both can be devastating. Organisations should prepare to protect, detect, respond, and recover from both threats.