As most of us have come to realize not all data is created equal and it should not be protected equally. Lets face it treating everything equal equals nothing but failure, frustration and a big bite out of your budget. That being said we do need to protect our most valuable data appropriately based on risk and value or possible compliance requirements from cyber attacks. What would happen if the most important data was encrypted by malware and held for ransom? There is a very nasty piece of malware named cryptolocker that is doing just that.
Cryptolocker is a very nasty piece of malware that is encrypting Windows files shares and locking users out of their files. The malware encrypts Office documents and other commonly used documents then denies access to the files. Users are required to pay $300 for to have the files unencrypted and have a limited time to do so, 72 hours, before the private key is destroyed. Researchers at Symantec estimated that one ransomware syndicate clear about $ 5 million per year.
I have been discussing this recently with a few customers and have come to some conclusions. The general user segment cannot be trusted. We must segment our networks to protect our most precious data and only allow access through secure means. This may be a virtualized environment where the data never enters the enduser machine or move that user and their resources into the segment with higher security controls. Again this is not for all users but only for those with access to the keys to the kingdom.
In some environments segmentation may not work if they are very decentralized. In these cases increased controls on the workstation must be utilized including forcing users to classify data and advanced threat protection. If they are forced to tag on creation and a data loss solution can monitor we have a chance, this must be combined with encryption and multifactor authentication.
These solutions are not easy on anyone but if we trying want to protect our data it is necessary.