How bad is the ransomware problem?
More than one-third of organizations worldwide have suffered a ransomware attack or breach that blocked access to systems or data in the previous 12 months, IDC said in August of last year. FBI statistics show that these incidents have been increasing about 20% annually since 2020. That’s pretty bad.
Though the attacks vary in severity and type of organization targeted, they always have one thing in common. When malicious actors infect a computer or server, encrypt its contents to block access, and demand ransom in exchange for the encryption key, they’re holding hostage a company’s most precious resource: its data.
Given how crippling the loss of data can be -- for example, the attack on Colonial Pipeline in late April 2021 that led to gasoline shortages on the East Coast -- you’d think the chief data officer (CDO) would play a central role in helping protect sensitive data against ransomware attacks and in planning the response if their organization is targeted. But that often is not the case.
First, many organizations still don’t have a CDO (though I think all should). Companies increasingly have added the CDO position to the C-suite in recent years, but many holdouts remain. In fact, less than half of large organizations have a CDO, according to a 2021 Gartner survey.
Second, the role is still evolving. Consultancy NewVantage Partners reports that 65% of companies now have a CDO, up from 12% in 2012, but less than half actually have primary responsibility for data. “Clarity on responsibilities, focus, purview, and reporting relationship remains in flux,” the report said.
Having a CDO benefits a company in several ways. In a time when data is often described as the new oil, an immense and extremely valuable resource, it simply makes sense to have a lead executive for managing and governing data across the organization and creating a data-driven culture that maximizes business results.
The increase in ransomware attacks only amplifies the case for a strong, focused CDO. Even after paying a ransom, the average victim recovers only 65% of their data. All in all, the average cost for a US company in 2021 -- including ransom, downtime, recovery, lost opportunity and data, IT, etc. -- was $1.85 million.
Here are four ways a CDO, if given a seat at the table, can help guard against and minimize the impact of ransomware attacks.
1. Lead a holistic data management strategy
As data flows into and across enterprises from all directions -- customers, partners, vendors, internal systems such as marketing and HR, etc. -- it’s surprising how many organizations don’t really know what data they have, where it resides, and how it’s used and governed. Truth is, it is sprawled all over the place -- in data centers, public and private clouds, inside SaaS applications, in file-sharing systems. This complexity makes defending against ransomware attacks and dealing with the aftermath exponentially harder.
Thus, the CDO should be the leader accountable for building a thorough inventory of enterprise data. Anything less means flying blind in preparing for and responding to a ransomware attack.
2. Identify the most critical assets
After building the data inventory, the CDO’s next big responsibility should be leading the charge on a deeper understanding of the data hierarchy -- that is, what is the most vital data that, if compromised, would threaten the company’s uninterrupted operation?
This should be an exercise in prioritization. Companies are awash in so much data that it’s a mistake to boil the ocean and pretend all that data is created equal. Better to zero in on the data that matters most.
Every company owes it to its customers, shareholders, employees, and any other stakeholders to be able to say: “We absolutely understand where our most important data is, and we’re protecting it, and we are doing everything possible to ensure a ransomware attack doesn’t affect that data and paralyze us.”
3. Treat it as an ongoing process
It’s wrong to think Steps 1 and 2 are one-off efforts. Every organization’s data profile constantly changes. So, then, must the efforts to map and prioritize.
CDOs are wise to develop a regular cadence -- quarterly is good -- to refresh this information. Then, they can stay current on what any significant changes mean for the data protection and cybersecurity strategy, and they can advise other C-suite leaders accordingly.
4. Be a catalyst
The CDO has a rich opportunity to be the lead educator and adviser to the rest of the business on pinpointing the biggest risks to data in ransomware attacks.
Though the CDO role is becoming more prevalent, it has yet to be consistently defined. In some ways, the position is still trying to escape its origins as a function focused on business intelligence -- how to leverage data for business insights through analytics technologies. Don’t get me wrong: This remains an excellent part of the CDO job description, but today’s CDO can and should be so much more. In many cases, they may have to overcome pigeonholing by actively advocating for a broader job scope.
As these four points show, the rise of ransomware has given CDOs a moment to be visible leaders within companies in addressing the reality that data and ransomware attacks are inextricably linked. Their organizations will be better off if they seize it.