Cyberstorage: The Data-first Answer to Ransomware


Cyberstorage is an emerging security category that is gaining traction as the need for proactive data defense against theft and ransomware intensifies. Sitting between the network infrastructure and the storage system, cyberstorage offers organizations data-first security for increased resiliency, shares Paul Lewis, CEO & founder, Calamu.

The latest trend in ransomware has nothing to do with encrypting your data and demanding a payout to unlock the files. Most companies have adequately addressed this threat by implementing a backup and restore program that can easily recover from such an attack. The cyber bandits know this, so they have upped their game by adding a new weapon to their arsenal: double extortion.

A Second Bite at the Apple

In a double extortion ransomware attack, a copy of the data is first stolen or exfiltrated before it is encrypted. If the ransom is not paid, the attacker threatens to leak the data for the world to see. This gives the attacker a “second bite at the apple” in order to demand a ransom payout. This new approach to monetization has proven to be highly lucrative for ransomware gangs. Since the first double extortion case in early 2020, over 83% of reported attacksOpens a new window now involve data theft with the threat of leaking. The success of double extortion attacks highlighted a gap in the previously underserved data storage security market.  

While there is no shortage of perimeter defenses intended to keep malware out of the network, including endpoint security, firewalls, and extended solutions, there has been a lack of focus on how to actually secure the data itself, assuming the perimeter gets breached. Even existing structures such as the NIST Cybersecurity FrameworkOpens a new window (Identify, Protect, Detect, Respond, Recover) offer great guidelines to secure the infrastructure but offer little advice on safeguarding the actual data. In an attack, the objective is not to simply penetrate the systems but to penetrate the systems in order to gain access to the data. If a copy of the data is subsequently stolen, there is no way to prevent the data from being leaked.

See More: Stopping the Next Wave of Cyberattacks with Collective Defense

Cyberstorage: A New Category of Data Defense

Thankfully the industry has a new emerging trend that seeks not just to mitigate an attack but to actually absorb it and eliminate all fallout, including the impact of stolen data. Gartner recently recognized this trend by introducing a new category in its Hype Cycle for 2022 Innovation Trigger section: cyberstorage. In creating a new data security category, Gartner challenged the industry to do better and find more secure solutions to protect the data beyond perimeter defenses. It is a call to attention to focus on what happens once the perimeter has been breached and the data has been accessed. Is there a way to ensure that it stays protected, even against attack? 

Emerging vendors in the cyberstorage space say yes. Sitting between the network infrastructure and the data storage system, the goal of a true data-first cyberstorage solution is not to merely mitigate the impact of an attack but instead to absorb the attack, lowering the risk of data exposure and using automated systems to maintain resilience and prevent downtime. If the data remains secure even when the storage media is improperly accessed, the organization has time to seal the breach and run forensics without sensitive data being immediately siphoned out of their controlled environment. 

A cyberstorage layer can also help secure backup data as well as on-premises data servers, which are quickly becoming a target for double extortion ransomware attacks. Recent researchOpens a new window shows that 72% of organizations experienced attacks on their backup repositories in 2021. Additionally, attacks on cloud repositories doubled over the previous year, which caused many IT teams to halt data migration to the cloud in favor of on-premises systems. However, cybercriminals also understand this trend and know that gaining access to on-prem, even air-gapped systems represents a goldmine of private data. Attacks targeting on-prem servers started to emerge through various creative measures, including CVE exploits, backdoor vulnerabilities, and even electromagnetic signals to gain access to air-gapped systems.

Three Pillars to Increased Resiliency

Cyberstorage, according to GartnerOpens a new window , “protects storage system data against ransomware attacks through early detection and blocking of attacks, and aids in recovery through analytics to pinpoint when an attack started.” When evaluating a cyberstorage defense layer, companies need to consider the following:

    • Built-in, proactive technology that can recognize anomalies and jump into action on their own by quarantining the threat location automatically, alerting and recording the activity for further investigation.
    • Ability to instantly recover and continue from an attack and self-heal the compromised data.  
    • Safeguards on the data level that secure it against exposure, even if it has been exfiltrated during a breach.

Time is of the essence during a cyber attack. Cyberstorage solutions that integrate high-performing security analytics and intelligence with proactive triggers based on the activity at the data level can help reduce the speed to action and ultimately speed to recovery to help boost the organization’s overall resiliency. It’s estimatedOpens a new window that the fastest-moving ransomware can take over a system in less than 45 minutes. In addition, the average cyber attacker will lay in wait, undetected, for 11 days after breaching a network before deploying ransomware. 

Companies that wait for IT teams to act on suspicious activity such as errant processes or unauthorized access, and removal of files will and are losing in the game of time. Proactive detection means automatically recognizing and stopping the attack in its tracks by quarantining the threat location. It also means alerting and recording the activity for further investigation as well as safeguarding the data even if it is accessed.

Cyberstorage Adoption Estimated to Grow by 6X

While the methodology may vary from vendor to vendor, the ultimate goal of cyberstorage is a data-first security approach that focuses on protecting the data itself, not the media that actually holds the 0s and 1s. While this category is young, promising companies are addressing this problem through innovative technologies between infrastructure and storage systems. Storage systems are quickly moving to the cloud and growing exponentially in size, which creates an incredible need for this emerging technology.  

While today it is estimated that only 10% of businesses require integrated ransomware defenses on their data, Gartner expectsOpens a new window that number to jump to 60% over the next three years. The cyberstorage category is shifting the conversation around data protection from prevention/recovery to addressing the inevitability of an attack. Businesses today need creative solutions to secure the data, even during a breach. A data-first security approach does just that.

Have you benefited from cyberstorage in increasing protection against ransomware? Tell us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .