COMMENTARY: Ransomware attack claims worldwide rose by a staggering 74% in 2023 compared to 2022, underscoring the escalating threat they pose to businesses globally. Particularly vulnerable are high-stakes sectors such as financial services and healthcare, where attacks nearly doubled in frequency.
As businesses navigate these threats, there has been talk about banning ransomware payments to discourage bad actors. However, a ban looks unlikely, even if government agencies like the FBI strongly advise against ever paying the ransom.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
As we look ahead to 2025, we expect the integration of artificial intelligence (AI) into ransomware attacks to amplify both the frequency and impact of these threats. And large ransoms, which are already reaching millions of dollars in notorious cases such as REvil and CryptoLocker, are only part of the financial toll.
Beyond the immediate financial loss, businesses often face extensive downtime, loss of customer trust, and legal penalties. On the operations front, critical systems are rendered inaccessible, disrupting business continuity and potentially leading to permanent data loss. So, what can businesses do to circumvent this risk?
Data classification: a critical defense
Security teams over overlook data classification as a way to mitigate risk and strengthening security posture. It lets businesses prioritize and protect their most valuable information by systematically categorizing data based on a variety of criteria. This can help with access controls and better defining data retention periods. But also, data classification has become highly valuable in improving response efforts.
By categorizing data, organizations ensure compliance with regulations, mitigate breach risks, and avoid the unnecessary costs associated with storing obsolete data. That’s because data classification can help track information that has reached the end of its retention period. At that point, teams can safely erase it, reducing the chances of a breach involving information that an enterprise needn’t have been storing.
Proactive data management, driven by classification, has become an important defense mechanism against ransomware. By focusing security efforts on high-value targets, organizations can reduce the likelihood of a successful attack. In the event of a breach, classified data allows for a faster, more efficient response, minimising downtime and ensuring critical assets are protected.
To effectively leverage data classification as a defense against ransomware, organizations can follow these three steps:
- Run a comprehensive data audit: Conduct a thorough audit to identify and categorize data based on sensitivity, compliance requirements, and business value.
- Establish access controls: Implement access controls based on data classification, ensuring that only authorized personnel can access sensitive information.
- Conduct regular reviews and updates: Continuously review and update classifications and categories to keep pace with evolving threats and business changes.
Concerns in the cloud
Over half (51%) of organizations now host all their data in the cloud with a further 37% hosting some data in the cloud. While cloud adoption streamlines operations, it introduces new challenges, particularly in managing and classifying data. Unlike traditional on-premises systems, cloud environments are dynamic and decentralized, complicating the task of tracking and protecting sensitive information.
Handling end-of-life (EOL) data has become one of the primary risks in managing cloud-based data classification. In the cloud, where data gets dispersed across multiple servers and regions, tracking and securely disposing of data that has reached its retention period presents its challenges. Being mindful to erase a handful of files off a physical hard drive may look like a simple task, however, include the cloud in this scenario, and the task can seem quickly overwhelming. This additional data also increases the risk of data breaches and non-compliance with regulations, as outdated or unnecessary data may linger in the cloud without proper oversight.
It’s crucial for teams to leveraging tools designed for cloud environments. These tools can automate the classification process, continuously monitor data flows, and ensure that data gets categorized based on its sensitivity and compliance requirements. Even erasing select data in the cloud or all data on a cloud exit or migration has become a hygiene factor for many organizations.
AI as the double agent
Looking to the future, AI offers promising opportunities to enhance cloud-based data classification, increasing both the threat and opportunities. Teams could employ AI to automatically assess whether data has reached its end of life, has moved past its retention period, or the teams needs to review it for potential destruction.
By integrating AI into their data minimization strategies, organizations could streamline the management of cloud data and reduce the risk of over-retention, ensuring that only necessary and compliant data gets maintained. Encouraging enterprises to explore these emerging AI capabilities can help them stay ahead in managing the complexities of cloud-based data classification and security. AI will also go hand- in-hand with the continued focus on automation and integration of security routines and tasks into the corporate network.
As ransomware threats continue to evolve, particularly with the rise of AI-driven attacks, businesses can gain a strategic edge by focusing on what matters most—safeguarding their most valuable data.
The transition to cloud environments has made data classification more complex, but it remains a cornerstone of effective cyber resilience. By prioritizing security efforts where they are most needed, businesses can protect their sensitive information and minimize the risks posed by cyberattacks.
To manage this complexity, organizations must adopt cloud-specific strategies, leverage specialized tools, and align with service-level agreements to ensure proper data management. The future integration of AI into classification processes offers exciting opportunities for automating and improving these efforts, especially in managing end-of-life data and minimising retention risks.
Ultimately, businesses that proactively implement data classification as part of their cybersecurity strategy are better equipped to withstand the growing threat of ransomware. Through comprehensive audits, tailored access controls, and continuous updates, organizations can build a resilient defense system that protects their critical assets, and also ensures business continuity in an increasingly hostile threat landscape.
Fredrik Forslund, vice president and general manager, international, Blancoo
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.