Cloud-Based File Storage Helps Mitigate Ransomware Attacks
By Russ Kennedy
Historically, the energy industry has trailed other market sectors in embracing digital technology. Today, it is making up for lost time. To maximize returns for their investors while minimizing impacts on the environment and local communities, companies across the oil and gas value chain are steadily digitizing their operations. They know that faster access to information, more detailed data and more sophisticated automation will help them continue to redefine efficiency.
For operators, pipeline companies and service providers, digital transformation can be more challenging than it is for other industries. In many cases, data is widely distributed in disconnected systems that are located not at headquarters and field offices but at distant well pads, compressor stations and offshore platforms. Integrating this siloed information requires special applications and, increasingly, Internet of Things devices tailored for specific uses.
Extensive government regulation and the resulting compliance headaches further complicate matters. So does rising cybercrime, especially when energy companies are prime targets. Fortunately, there are strategies and systems that can help smart companies accelerate their digital transformation while protecting their businesses.
The Need For Urgency
Like most businesses today, energy companies are being overwhelmed with data of all types, from countless sources. Most of that data—an estimated 80%—is unstructured. Instead of being stored in rigid databases that specify its format, unstructured data takes the form of documents such as emails, reports and spreadsheets. Such data is more vulnerable to cyberattacks.
Ransomware is widely considered to be the most serious threat, and attacks are becoming more relentless and sophisticated. Many hackers are specifically targeting the nation’s infrastructure, and a successful breach can take down an operation and paralyze a business and the customers who rely on it.
The 2021 Colonial Pipeline attack illustrates how crippling ransomware can be. Hackers managed to infiltrate the network by using a stolen password. Once inside, they planted ransomware that affected many systems and threatened to publish stolen data if their demands were not met. The company shut down its pipeline, cutting off fuel supplies for much of the Eastern Seaboard, and paid a ransom of more than $4 million for the decryption key. The pipeline came back into service after several difficult days, but recovery was slow and arduous even with the decryption key.
Far too many energy companies are equally vulnerable. Managing and protecting massive amounts of data is an enormous challenge, and the outdated IT systems still common in many organizations cannot adequately address it. Digitization is the answer, yet the energy industry still devotes only 1%-2% of its overall resources to digitization and other IT upgrades, according to Accenture research. That is far less than the investments being made by other industries.
While increasing IT resources is essential, it’s equally important to reexamine and reinforce cybersecurity strategies. Organizations must enforce best practices, making sure passwords are strong, updated frequently, and never shared across programs or sites. Bolstering passwords with multifactor authentication is another must. Lapses in these areas may have contributed to the Colonial Pipeline breach.
Educating users on cybercrime also is critical. Hackers frequently gain entry by tricking employees into clicking on a dangerous link, opening a file infected with malware or revealing credentials. Teaching everyone to spot phishing and other ploys can help minimize vulnerabilities and ward off attacks.
Planning for Recovery
Even companies that do everything they can to secure their infrastructure may eventually face a successful attack. Wise companies will put a recovery plan in place to limit how much such attacks disrupt their operations.
Many companies still rely on legacy storage systems such as file servers, which they periodically back up to external media or remote sites. As the amount of data energy companies manage grows, this approach is becoming increasingly impractical. That is true whether a company is a multinational firm with terabytes of data and hundreds of locations or a lean independent that cannot afford days of downtime.
When critical data has been corrupted, damaged or destroyed in a cyberattack or natural disaster, it’s not feasible to restore operations quickly using traditional backups. When data is encrypted in a ransomware attack, for example, it’s hard to determine exactly when the damage took place and precisely which data is affected. Recovering many volumes of data takes time and effort, and clean data not infected with malware can be lost in the process.
Even if the IT department immediately recognizes and responds to an attack, it can still take weeks or months for full recovery from backups. The resulting disruption and costs often lead companies to decide it’s less expensive and more expedient to pay a ransom.
It’s important to note that complying with ransom demands does not guarantee a quick or full recovery. Researchers estimate that a third of the businesses that pay hackers still fail to recover all their data. And paying ransoms may encourage repeated attacks, since hackers know a business will be a profitable target. Considering that ransomware attacks are on the rise— occurring as often as every 11 seconds, according to some experts—businesses clearly need to be prepared with an effective response.
The Cloud to the Rescue
Cloud technology is one of the most effective ways to speed recovery. In the cloud, backup data can be stored such that it can’t be altered in any way or encrypted—it’s immutable. If, or more likely when, hackers strike, having a so-called golden master is a lifesaver because it gives companies a safe point to fall back to.
Of course, companies will want to minimize the amount of work lost by rewinding as little as possible. One of the major advantages of cloud-based solutions is continuous file versioning, which provides an unlimited number of recovery points for file data. Snapshots can be taken as frequently as every few minutes, which allows for local and fast, file-level recovery from an attack.
Modern cloud-based file storage systems also empower IT teams to pinpoint the source of attacks quickly. With in-line edge detection, these systems automatically monitor changes to files to spot signs of a ransomware attack, immediately alert the appropriate people, and provide detailed logs of activity and the associated IP addresses.
This information helps IT teams conduct an immediate audit to determine which files are damaged. They only need to recover the data that has been infected rather than sacrificing whole volumes of unaffected data, which helps reduce recovery times from days, weeks or months to minutes or hours.
Cloud storage’s heightened protection does not come at the cost of usability. Global file systems not only preserve data integrity, but also manage that data without compromising access. In fact, users can access data from anywhere, a major advantage to widely distributed operations whose workers want to focus on solving problems rather than chasing information.
Even if a company never experiences an attack or other disruption, cloud-based storage can boost the bottom line. By moving away from legacy file storage systems, companies shift the responsibility and cost associated with building, optimizing and protecting storage systems to third parties whose business depends on doing that well. Add in economies of scale, and this change slashes file storage costs as much as 60%.
These savings come alongside speedier, more robust recovery from attacks or disasters. Even when numerous locations and a remote workforce are involved, businesses can return to productive work. And in everyday use, the cloud allows fast file access, strong data protection and enhanced collaboration.
Other benefits include real-time detection of ransomware at the edge and quarantining active threats to keep them from spreading. Cloud-based solutions offer the ability to restore millions of files in minutes, as well as up-to-date protection from emerging variants.
That cutting-edge protection is key, for whether they are motivated by money or geopolitical objectives, hackers are always refining old techniques and developing new ones. A data storage strategy that emphasizes a cloud-first approach is the best option for energy companies seeking stronger security, better business continuity and continued growth in a turbulent market.
RUSS KENNEDY is chief product officer at Nasuni, which provides a file services platform built for the cloud. Before Nasuni, Kennedy directed product strategy at the file storage specialist Cleversafe through its $1.3 billion acquisition by IBM. Earlier in his career, he served in a variety of product management and development roles, most notably at StorageTek (acquired by Sun Microsystems), where he brought several products to market. An avid cyclist and hiker, Kennedy resides in Boulder, Co., with his family. He has a B.S. in computer science from Colorado State University and an M.B.A. from the University of Colorado.
For other great articles about exploration, drilling, completions and production, subscribe to The American Oil & Gas Reporter and bookmark www.aogr.com.