Updated: Dec 14, 2021
Ransomware attacks have picked up in frequency and severity, crippling some businesses for weeks on end. Fight back with a better application architecture. Keep your sensitive business data out of the reach of attackers.
By: Stephen Graham @ AnonTech
According to IBM's Cost of a Data Breach Report 2021, the average cost of a data breach is now $4.24M, and $1.59M of that is classified as "lost business": revenue lost to the reputational damage caused by a breach, which does not return once the damage is done. Additionally, the average cost of breached personally identifiable information (PII) is $180 per record. So, if a customer database with 100k records in it is breached, you could be looking at $18M in associated costs.
The attack on the City of Cleveland's Kronos system illustrates the need to fight back. According to WKYC Studios, this ransomware attack "may have compromised some employees’ first and last names, addresses, last four social security digits and employee ID." That is incredibly sensitive PII to have exposed. According to ZDNet, UKG (Kronos' parent company) said the vital service will be out for "several weeks" and urged customers to "evaluate and implement alternative business continuity protocols related to the affected UKG solutions."
There are many different attack vectors and security considerations, but a logical first move (after applying traditional security practices to your network) is to segregate the sensitive information from your standard application data and remove direct access to it by putting it behind a secure API. Here is what I mean:
On the left, you see an application architecture where an infected server or analyst PC has direct access to the application's database. With this setup, the ransomware is able to directly access sensitive information, encrypt it, and lock you out of it (unless you pay the ransom, of course).
On the right, we have the same architecture, but with the database tucked securely behind an API. Now, even though the application server and the analyst's PC have become infected, the ransomware is not able to reach the sensitive data, because it has been moved out of reach. There is still some impact: server backups likely need to be restored and patched, and maybe some application data needs to be recreated and configured. But at least the critical, sensitive information (like customer and employee records) is not impacted, greatly limiting the size and scope of the attack.
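As an added illustration of the right-hand design (example code, not the article's or ViziVault's own), this toy Python vault shows three properties such an API can enforce so that a compromised application server cannot wipe or enumerate the sensitive data: tokens scoped to one record and a fixed set of operations, append-only writes that keep every earlier version, and no bulk list/export call at all. The token format, operation names and in-memory storage are assumptions.

```python
"""Minimal model of a vault behind an API (added illustration, not ViziVault code).
Assumed design: bearer tokens scoped to one record id and a set of operations;
every write appends a new version instead of overwriting; and there is
deliberately no bulk list/export call for a compromised app server to use."""
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    subject: str    # record id the token may touch, or "*" for an admin token
    ops: frozenset  # subset of {"read", "write", "rollback"}

class VaultAccessDenied(PermissionError):
    pass

class Vault:
    """Per-record fields stored as append-only version lists."""

    def __init__(self) -> None:
        self._store: dict[str, dict[str, list[str]]] = {}
        self._tokens: dict[str, Token] = {}

    def issue_token(self, subject: str, ops: set[str]) -> str:
        tok = secrets.token_urlsafe(16)
        self._tokens[tok] = Token(subject, frozenset(ops))
        return tok

    def _authorize(self, tok: str, record_id: str, op: str) -> None:
        t = self._tokens.get(tok)
        if t is None or op not in t.ops or t.subject not in ("*", record_id):
            raise VaultAccessDenied(f"{op} on {record_id} not permitted")

    def write(self, tok: str, record_id: str, name: str, value: str) -> int:
        """Append a new version and return its index; old versions stay."""
        self._authorize(tok, record_id, "write")
        versions = self._store.setdefault(record_id, {}).setdefault(name, [])
        versions.append(value)
        return len(versions) - 1

    def read(self, tok: str, record_id: str, name: str, version: int = -1) -> str:
        self._authorize(tok, record_id, "read")
        return self._store[record_id][name][version]

    def rollback(self, tok: str, record_id: str, name: str, to_version: int) -> str:
        """Admin-only: re-append an earlier version so it becomes current."""
        self._authorize(tok, record_id, "rollback")
        versions = self._store[record_id][name]
        versions.append(versions[to_version])
        return versions[-1]
```

Because a write only ever adds a version, an infected application server that pushes encrypted garbage through its own token leaves the original value intact, and an operator holding the admin token can roll the field back without paying anyone.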
This is the approach that we have taken with ViziVault. All personal information is removed from your application databases, encrypted, and stored in a locked-down vault with only trusted API access to the information. Regardless of the technologies you decide to use, decoupling your sensitive information from your applications and removing direct access is one way you can immediately begin to protect yourself from ransomware and other forms of attack.