Businesses face all types of pressure in today’s marketplace. One of the most devastating is a data loss event that can destroy a company within seconds. Malware threats are increasing at a dizzying pace, and all types of insider threats are taking the stage as the most significant “new” threats.
With malware and ransomware, attackers use a cyber kill chain to achieve their goals. A kill chain is a series of events or stages of an attack, and this example may include deleting or encrypting local and cloud backup files so their targets do not have a viable workaround to their attack.
Insider threats exist in several forms, most commonly as people outside of an organization emulating someone inside the organization in order to gain access to networks and systems. These impersonators typically look for financial gain but may also wish to cause brand damage. They will encrypt and lock data, extort money, or perform some type of espionage. If your business revolves around customer data management, malware events can not only destroy all of your business data, they can impact your reputation and solidify you as a poor business partner.
We’ve talked before about other types of insider threats, which include disgruntled employees who reached “the last straw” phase of frustration and take out those frustrations on the business. One example which illustrates why you must back up your Office 365 data is that of Deepanshu Kher, a disgruntled ex-employee of a California-based company who hacked back into the system and deleted 1200+ Microsoft Office 365 user accounts. Like Kher, a rogue employee with administrator privileges could log in to systems and delete local and cloud backups and then the production data. Then there are also employees that inadvertently delete key data, causing reputation loss and inviting potential audit issues.
In all of the above scenarios, if backups exist, companies could recover files from those backups. To defeat the cyber kill chain, we developed Enhanced Data Protection to specifically protect against these threats and guarantee clean backup recoverability even if attackers access your cloud backup repositories.
If the topic of insider threats is of interest to you, and nowadays it should be of interest to all businesses, the two webinars below might be helpful. In them, we explore the subject in depth including more details on ransomware and data protection.