Ransomware: More pressure for transparency
The recent Synnovis ransomware attack reveals how vulnerable even critical infrastructure remains, and how complex and intertwined companies are today. This creates uncertain risks of failure. As a pathology laboratory, Synnovis is closely linked to some hospitals through its pathology services, such as blood testing. The ransomware attack on the laboratory forced the affected hospitals to postpone a total of around 800 operations and around 700 outpatient appointments.
As a result, politicians in the UK want to ensure companies are more transparent. Initial ideas under discussion include whether all victims of ransomware attacks should be required to report incidents to the government. Affected businesses should also have to obtain a license before making extortion payments.
A complete ban on ransom payments for organisations involved in critical national infrastructure is also being proposed. The ban is intended to remove the incentive for hackers to disrupt these critical services by preventing them from monetising attacks. This would likely reduce only a subset of attacks, though, as nation-state actors are focused on destabilisation and destruction over cash reward.
The risk that successful cyberattacks pose to the well-being and lives of citizens will continue to drive politicians to enact new rules and regulations with the aim of strengthening security levels and cyber resilience. So there is likely to be more to come.
Companies should respond accordingly and create more transparency and control over their data and services internally. The following steps are essential for this:
- Understanding data precisely: Companies need to know exactly what data they have and what value it has. Only then can they report to the authorities which data was corrupted in a successful attack. Companies must index and classify their data, including classifying it according to their relevant record strategy.
- Regulating access: Once the data has been correctly classified, companies can automatically enforce rules and rights that regulate access to it.
- Surviving attacks: For a company to be able to create reports for the authorities at all, it must remain able to act. In the worst-case scenario of a ransomware or wiper attack, however, nothing will work. The IT teams of CIOs and CISOs will not even be able to react to the attack because all security tools are offline and the evidence in logs and on the systems is encrypted. Companies should therefore implement clean room concepts, in which an emergency set of tools together with system and production data is kept available so that emergency operation of the entire IT can be established. The clean room contains all the vital tools for the security teams so that they can begin the essential incident response process. This process is essential to generate correct and meaningful reports for NIS-2, DORA and GDPR violations.