Editor’s Question: Protection against the worst consequences of a cyberattack

Editor’s Question: Protection against the worst consequences of a cyberattack

We asked three industry experts: Are organizations right to believe they can protect themselves from the worst consequences of a cyberattack? Here are their responses:

James Wright, Regional Director A/NZ, ASEAN and Oceania, at Cloudian

It’s well understood and even overstated that there’s ‘no silver bullet’ to fully protect against cybercrime. But protection from the worst consequences of a cyberattack is certainly an attainable goal, and something organizations have every right to believe in – once they’ve got the right measures in place.

James Wright, Regional Director A/NZ, ASEAN and Oceania, at Cloudian

Perimeter security and other traditional defenses are a necessary part of the solution, but it’s become increasingly clear that these defenses alone are nowhere close to enough. Earlier this year, Cloudian released its Ransomware Victims Report which showed almost half of victims had perimeter defenses in place at the time of attack.

If we accept perimeters will be breached and think more holistically about defense, we can see attention must be paid to enabling quick data recovery in the event of an attack – particularly in the case of ransomware.

Backups are one of the first things hackers target when they access an organization’s systems to prevent the victim simply restarting operations from its backups.

Therefore, many organizations are turning to immutable backups. As the name suggests, these are unchangeable and cannot be encrypted by hackers. Once a backup data copy is written, it can’t be altered or erased for a specified period of time, making it impossible for ransomware to impact it. If an attack occurs, organizations can quickly restore their data from the immutable backup and recommence operations without paying the ransom.

The other primary negotiating tool hackers have at their disposal is publicly releasing the data they exfiltrate or selling it on the Dark Web. Any organization holds some level of sensitive data it needs to protect, and this is where data encryption comes in.

Data encryption is nothing new. Put simply, it changes data into ciphertext, an unrecognisable format that requires a special key to decipher it, much like what ransomware does to data when it takes hold. Without the corresponding decryption key, hackers can’t release the data in any intelligible form.

Attention to detail is important as plenty of security and backup providers claim to ensure data encryption is in place. To prevent data extortion at the hands of ransomware operators, both data at rest (stored data) and data-in-flight (data being acquired or moved – for example, during public cloud migration) must be encrypted. Anything less than this is leaving the door open for skilled cybercriminals.

More and more enterprise and government organizations are realizing the potential devastation a ransomware attack can cause, including the huge cost of having to cease operations while ransom negotiations are conducted, forensic specialists are called in and IT teams struggle to recover. By employing immutable data backups and data encryption, organizations can avoid all this and be confident they can protect themselves from the worst consequences of a cyberattack.

Richard Sorosina, Cybersecurity Practice Lead, Macquarie Cloud Services

For organizations across the Asia Pacific region, falling victim to a cyberattack is not a matter of if, but when. It is far better to get on the front foot and fortify your bunker before the tornado hits, and the question should really be whether leaders can limit the impact of a cyberattack to their business when it inevitably occurs.

Richard Sorosina, Cybersecurity Practice Lead, Macquarie Cloud Services

In the Gartner 2021 CIO Agenda Survey, cybersecurity was the number one priority for new spending in Southeast Asia and the second highest priority in Australia and New Zealand. These allocations are positive but redundant if leaders fail to first nail down the basics of their cyberdefense.

Businesses need an incident response plan that will clearly outline the steps to be followed when a data breach occurs. By neglecting to do so, the organization will become the low hanging fruit that attackers go after. Even a rudimentary plan is better than no plan at all, and those without one will suffer a much higher impact.

The incident response plan needs to outline the steps to be followed when a data breach occurs. Teams need to identify and classify data to understand what levels of protection are needed, a step that is regrettably missed all the time. For instance, personal identifiable customer information needs a different level of protection to the photos from the last Christmas party.

Teams also need to maintain cyber hygiene through regular patching, and since 90% of breaches start with an email, it is very important to have email protection, multi-factor authentication and end-point protection to prevent any lateral movements by cybercriminals.

Perhaps my biggest piece of advice is to have experienced personnel monitoring your environment 24/7, 365 days a year (including Christmas). This is essential to minimize dwell time in your environment, which is the point where the breach happens to the point you realize it has occurred. Cybercriminals spend an average of 56 days within environments before an attack becomes apparent. That means they’ve got 56 days to do whatever they want with your information.

This 24/7 monitoring becomes a challenge when organizations don’t have the internal skills to run cyber programs. Most business heads I speak with have one or two people responsible for handling cybersecurity, and cyber comprises just one part of their broad and demanding jobs. They simply don’t have the capacity to keep an eye out for nefarious activity or deploy their own Security Operation Center (SOC) capability.

I advise leaders take the time to identify business risks and align cyber capabilities with these risks. The upshot of this can either be an upskilling of your team to meet threats or the seeking of external assistance to get on top of the issue. This will ensure you are in the best position possible to quickly detect, respond and recover from a cyberattack when it occurs.

Yaniv Hoffman, Vice President Technologies, Radware

When it comes to cybersecurity events, 2021 has been a record-breaking year.

Based on a recent report by my company, more DDoS attacks have been blocked during the first nine months of 2021 than all of 2020. Advanced web application attacks are also on the rise, with the number of blocked web security events per company doubling every quarter for the first three quarters of 2021.

Yaniv Hoffman, Vice President Technologies, Radware

Data breaches are another area we hear about on a daily basis as attackers motivated by financial gains find it easy to get access to company systems.

And let’s not forget about ransomware. It’s been on a rampage. Massive ransomware campaigns have been waged against industry leading organizations with huge financial consequences and global business ramifications. Kaseya, JBS and Colonial Pipeline paid millions in ransom. These are just a few real-world examples that show there is still a long way for organizations to go in terms of improving their protection mechanisms.

Organizations themselves will admit they are lacking in organizational readiness. According to industry reports, more than 70% of IT professionals and leaders say they lack confidence in their cybersecurity posture despite having made major investments in recent years. This response should not be surprising, since based on a report done by my company, more than 94% of IT professionals said they were attacked. So, it’s no longer a question of if a business will be attacked, but when it will be attacked.

Certainly, organizations are much more aware than before about the risk of cyberattack and are investing more in securing their environments and customers data.

With that said, the arena of cyberthreats is growing more sophisticated and complex. Legislation to address data breaches and handling of cyberattacks is on the way and will be the norm in many countries by 2023. Organizations will be required to deploy better risk management processes, thorough audits, incident response plans, and a dedicated team to oversee the security measures and future cybersecurity challenges. This is a journey, however, there is no magic here.

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive