Beware the false security of Microsoft’s built-in capabilities
Businesses must do something to protect themselves before an attack occurs. Let’s consider this scenario that is, unfortunately, becoming all too familiar to IT staff in enterprise, healthcare, and government organizations in the 21st century.
The scenario
Someone in your marketing department opens a document emailed to him by a “former business colleague” promising valuable information about an upcoming event he’s scheduled to attend. After he opens the document, he brings it out of read-only mode, thereby enabling the macros. At this point, his device starts to behave strangely. First, he sees some text files on his desktop that were not there before. Next, he cannot open his SharePoint or OneDrive files. Finally, he hears from a co-worker that the SharePoint files she needs for a meeting are now corrupted.
After your IT team pieces together these unusual events, you start to feel a sense of panic – you realize that your organization is experiencing a ransomware attack. The individual from the marketing department unwittingly served as the vector of attack by falling victim to an email phishing scam. From any perspective, it does not look good. If this attack were anything like WannaCry, the entire network could soon be shut down, slowing operations to a grinding halt.
For a fleeting moment, it occurs to you that there is a glimmer of hope. Doesn’t Microsoft provide built-in protection against data loss? Unfortunately, the protections it offers are limited. As it currently stands, SharePoint Online and OneDrive for Business do not protect against a scenario like the one above.
The aftermath
Unfortunately, in this scenario, the damage has been done – the network has been infiltrated. A great many files within your network have been encrypted and are now totally inaccessible to everyone in your organization. Your applications, which rely heavily on data, go down and nobody can get work done. Your CEO is envisioning money flying out the window as the hours tick by and productivity plummets.
In situations like this, it is crucial not only to recover, but to recover quickly. As you work to restore your data, you realize that your most recent restore point was five days ago. That is five days’ worth of data and documents, lost. Reverting to those files is going to make a lot of people very unhappy. Paying that ransom is beginning to look like a good idea. But you cringe, thinking of the money your company is losing by paying the ransom, not to mention what it is costing in lost productivity. In some cases, cyber criminals are making off with millions of dollars after a single ransomware attack. In fact, Business Insider reports that the largest ransomware payout to date, $40 million, was made in 2021 by an insurance company, setting a world record. Emboldened by the growing share of organizations willing to pay to get their data back, criminals are raising the price of their ransom.