Why Non-negotiable and Non-unswervable Immutability Must Become Your Key Defence Against Ransomware and Cyberattacks
Gartner place CyberSecurity as the number one investment area from their CIO services survey and little wonder:
- Ransomware attacks are regularly hitting the headlines now: from hospitals to oil pipelines, ransomware has evolved and is at a near nationally sponsored level
- Ransomware attacks are profitable, the more money that is paid the more we are seeing attacks happen. Insurance costs are rising and company boards are taking notice
- Ransomware attacks have occurred against the media industries: media companies are high profile politically and economically hold millions of dollars worth of data – Object Matrix are aware of multiple multinational media producers and national broadcasters who have been hacked with ransomware and the strain and cost that has created
Alongside Gartner’s article, we argue that a key defence against ransomware comes in the form of immutable data vaults. And this is why.
Why Media is Particularly at Risk Against Ransomware
There are of course many tactics taken by ransomware but one of the main ones is to encrypt your data. Of course, it is unlikely that the tactic taken will be to encrypt, e.g., a 1PB media library byte by byte: we all know that encryption of such a large data set takes days if not weeks and ransomware wants the biggest hit as quickly as possible. So it looks for vulnerabilities:
- Encryption of the file system metadata indexer: this is likely far smaller than the data itself. The encryption can be devastating – good luck trying to work out what blocks belong to what files.
- Encryption of PARTS of files: all the hacker really needs to do is to scramble a few blocks in each media file. Indeed, if they understand media they’ll pretty much know that they can cause havoc just by encrypting the start of every media file. There’s no need to encrypt the whole thing.
- Encryption of file system names: it can even be enough to encrypt just the file system names and folder names. Maybe for good measure move some files around.
- Directly Encrypting blocks on disks regardless of the file system – see below.
How Immutability Works in Media Workflows
Immutable data (file systems, data vaults, etc) means that once data is written then it is unchangeable, undeletable, and therefore is a solid defence against ransomware. It is fast becoming realised, as made clear in the Gartner article, that this is a key defence against ransomware in general, and in particular in media workflows.
However, a word of warning: not all immutable systems are equal. A major problem is file systems that are vulnerable to attacks that go around the immutability defences: so for example, if you run an immutable file system on a Windows machine, and the machine gets hacked, what’s to stop the hacker from ignoring the file system software and just directly scrambling blocks on the disks outside of the operating system? The answer is none and this is a common tactic used by hackers. The red flag warning here is that it is virtually no defence at all to run an immutable file system if the servers running that file system can be hacked. What is required is a solution that is independently firewalled and that supports immutability across all access points.
Media workflows present particular challenges:
- Some data vaults require data to be updatable: scratch working areas – storage systems should support both immutable and non-immutable data areas
- Particularly in media there is a window of time when data is being written where applications might wish to close the file and then reopen it to update metadata or flags, etc. Vaults should support updates to files within a short period of time before making data permanently immutable.
- Depending on the immutability level desired, admins may wish to be able to time-unlock or manually override immutability – some media may be wanted to be kept forever but some may be semi-permanent.
Media makes for unique challenges to the solution set and having a partner that understands media workflows and cyber security demands is where Object Matrix fits in – we’ve had immutable data vault options since the inception of our object storage product MatrixStore. MatrixStore is a highly firewalled private cloud storage solution that also provides a range of additional defences against ransomware attacks. Immutable data vaults should be a key defence against ransomware attacks and we encourage their usage at every stage of the media industry.
About Object Matrix
Object Matrix provides integrated and automated digital content governance. Based in Cardiff (UK), it has an impressive track record for providing tightly integrated digital preservation platforms and is trusted by global broadcasters, telcos, banks and utilities companies to ensure their video content is always available. Customers include Globo, Fox Sports, France Télévisions, BT, the BBC, Sony Pictures, NBC Universal, Deutsche Bank, Imagina, EDF, TV Globo & the Miami Heat to name a few.
Object Matrix is comprised of a team of storage industry experts with a shared vision for high levels of data security combined with intuitive user interfaces. In addition to providing solutions and product integrations for the storage, search and retrieval of media assets, Object Matrix also provides consultancy, training, systems integration, and ongoing support services.