Part of:Explore storage security best practices and standards
5 tips for primary storage ransomware protection
Explore the steps storage administrators can take to safeguard against ransomware. Dive deep into tips on access control, vulnerabilities and storage monitoring.
Ransomware is one of the top cybersecurity threats that puts enterprise data at risk. As a result, IT teams are under greater pressure than ever to have primary storage ransomware protection.
Ransomware has become more sophisticated, targeted and costly. Threat actors are no longer satisfied with encrypting data and demanding ransoms but now also exfiltrate data and threaten to release it if victims don't make additional payments. Attackers go after organizations of all types and sizes.
Storage administrators have their hands full trying to protect data against ransomware. Their efforts need to be part of an organization-wide strategy that includes multiple components, such as developing a protection plan, training and educating workers about ransomware, implementing network segmentation, maintaining strict email and messaging controls, allowlisting applications and deploying a strong backup and disaster recovery strategy.
In fact, storage administrators should make backups a top priority, ensuring that they copy data to a secure location and can easily recover if needed. But they should do more than just back up their data. They should adopt the following five best practices to aid their storage ransomware protection.
1. Secure your storage environment
Ensure that the organization regularly applies updates and security patches to all software and firmware. Many organizations fail to do this in a timely manner, which leaves storage systems vulnerable to hackers who take advantage of known -- and often well-publicized -- vulnerabilities.
Storage administrators have their hands full trying to protect data against ransomware.
Be wary of legacy storage systems that include fewer security protections. Many organizations put themselves at risk by failing to disable insecure legacy protocols such as Transport Layer Security 1.0 and 1.1, Server Message Block 1.0 or any version of Secure Sockets Layer. In addition, organizations should consider immutable storage to support write once, read many operations. Threat actors will use any means possible to inject ransomware into an environment, and the fewer vulnerabilities for them to exploit, the better.
2. Control access to storage resources
For storage ransomware protection, apply granular access controls that follow the principles of least privilege. Users and applications should have only the minimal level of access they need to carry out their tasks. Restrict the use of elevated privileges and avoid such practices as sharing administrative passwords. In addition, disable default system accounts, many of which are known to administrators and hackers alike.
Use due diligence in granting access to shared storage resources, especially if supporting connections from external networks. Require strong authentication for all users -- enforce such restrictions as minimal password strength, periodic password expiration and multifactor authentication. Role-based access controls can also be a useful strategy when protecting storage systems. For example, create separate roles for managing data, running backups and administering infrastructure.
3. Protect sensitive data in the storage environment
One of the best ways to protect sensitive data is with advanced encryption algorithms such as AES-256. At one time, encryption did not seem a particularly useful defense against ransomware, which could simply reencrypt the data to prevent any access to it. Now cybercriminals also steal data, which makes encryption an essential strategy for storage ransomware protection, as well as other types of threats.
Implement an encryption key management strategy that safeguards keys throughout their lifespan. Centralize key management, automate management where possible, securely store encryption keys and properly dispose of keys after they're no longer needed. Cryptographically timestamp data before encryption, which makes it easier to identify whether anyone has tampered with the data.
4. Check your storage environment for vulnerabilities
Continuously assess your storage environment for vulnerabilities, looking for such issues as unpatched software and improper system configurations. Run regular security tests to expose possible flaws. For example, run infrastructure penetration tests that simulate attacks to verify the effectiveness of storage ransomware protection.
Scan the storage environment on a regular basis to look for malicious code. Automatically scan incoming or modified files before storing them to ensure they don't contain ransomware or other malware. Consider automatically removing embedded objects in certain types of files, such as Word documents, to avoid introducing malware into storage systems.
Many organizations use data loss prevention tools to prevent sensitive data from leaking outside their networks. In addition, some organizations scan the internet on a regular basis to look for exfiltrated data in case their systems have been compromised without them knowing.
5. Monitor your storage environment
Continuous monitoring is essential to storage ransomware protection. Comprehensive monitoring provides full-time, end-to-end visibility into the entire storage and data environment, even if it includes thousands of components distributed across multiple locations. Monitoring helps identify anomalous behavior, unusual data access patterns and fluctuations in services. A monitoring system should provide smart analysis and alerting, using artificial intelligence and advanced analytics capabilities.
Most monitoring systems also provide administrators with a centralized dashboard that can offer quick insights into the storage environment, with the ability to drill into information about individual components. Many of these systems provide visualizations and key performance indicators that highlight when an organization has reached predefined thresholds. Most monitoring tools can alert administrators to events that need their immediate attention, enabling them to identify and respond to potential threats as quickly as possible.
