Ransomware operators have upped the game these days. Not only do they take your data hostage: they threaten to release it! However these ransomware threats fall short with encrypted data…
Every system depends on third-parties…
In this recent incident an insurance company fell victim of such an attack. One might be quick to blame the insurance firm. However the company stated that no breach was detected on their network and the leak might come from a third-party service provider.
This would not be improbable at all. When thinking about it, a vast majority of systems depend on third-party services or software. So even if a business is fully secure, it might be betrayed by the ones it depends on!
Ransomware Threats fall short with Encrypted Data
So, do Ransomware operators have the upper hand here? Not if they cannot extract any value from what they steal.
Of course a company might “forget” to backup their servers. Its clients’ data might be lost forever in case of attack.
However it can limit the damage by making sure the stolen data does not reveal any sensitive info.
In other words, one could discourage these attacks if the attacker cannot threaten to leak that data.
Keeping sensitive data private
Therefore services handling sensitive data should put security first. They must assume someone will breach their system. It’s not if, but when.
Now, securing every single bit of data in a database is by no means an easy task. Legacy systems, for example, can’t always easily switch to a fully-encrypted solution.
However we strongly believe this must become the rule in the near future. We cannot assume ransomware attacks will decrease any time soon. But if companies adopt a different approach in storing sensitive data, they may prevent such an attack from becoming a data breach.