Identifying and Protecting Assets Against Ransomware and Other Destructive Events
“Identifying and Protecting Assets Against Ransomware and Other Destructive Events” focuses on methods to effectively identify assets that may become targets of data integrity attacks. It also explores methods to protect these assets against data integrity attacks through the use of audit logs, vulnerability management, maintenance, and other potential solutions.
The risks of data integrity attacks can be reduced using capabilities such as: secure storage, backup capabilities for databases, virtual machines, and file systems, log collection, asset inventory, and file integrity checking mechanisms.
Secure storage allows data storage with additional data protection measures, such as Write Once Read Many (WORM) technologies. Data encryption can also be used, but this will not inherently protect data against corruption.
The backup capability enables backups of the entire database. In the event of a deletion, these backups can be used to restore the database.
Logging records and stores all the log files produced by the components within the enterprise. Logging provides a baseline for events across the enterprise, including typical database activity.
An asset inventory implies that an organization has access to the skills and resources required to implement an asset identification and protection system.
The integrity monitoring capability provides a baseline for database activity as a point of comparison post-deletion. This baseline can be used in the event of an attack to detect and alert on changes within the enterprise as well as aid any necessary recovery.
Repercussions for Neglecting Cybersecurity
The rise of ransomware attacks is a sad reality that cannot be ignored. Hospitals, ambulatory surgery centers, and private practices that have neglected their cybersecurity may find themselves liable. As the number of data breach incidents continues to rise, exposed patients have found recourse in the courts.
OTW has been covering the rising number of cybersecurity data breach lawsuits. For OTW’s previous coverage of recent cybersecurity data breach lawsuits, see “Victims Can Sue Ortho Clinics if Data Hacked,” “Banner Health Agrees to Pay $6 Million for Data Breach,” and “Four Patients Sue DCH Health System After Ransomware Attack.”
