Authored by: Sheena Chin, Managing Director of ASEAN, Cohesity
Anyone responsible for data security who doesn’t get a shiver down their spine when they read in the news about yet another high-profile ransomware attack is either doing something very right, or something very wrong.
The danger of falling victim to a cybersecurity issue is increasing as the volume of attacks continues to rise and bad actors become increasingly sophisticated. The Cyber Security Agency of Singapore (CSA) received 61 reports of ransomware attacks from January to October 2020, almost twice the 35 cases reported for the whole of 2019. Interpol has highlighted how Covid-19 affected both the number and nature of cyberattacks during 2020, and notes “Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.”
There’s no such thing as 100 per cent protection
The natural reaction to such worrying news is to seek protection and build the walls, and there are plenty of firms out there whose livelihood depends on providing just that. The best of them do a grand job, and their regular threat reports indicate just how many attacks they defeat.
But let’s not kid ourselves. No organisation can ever ensure 100 per cent protection from an attack, especially when attack types are changing faster than most firms update their defences. Data often sits in too many locations, some even forgotten by the user, and too many of these areas probably fall outside those covered by upfront protection, scanning services and threat intelligence. Even some approaches to data backup and restore can be haphazard: augmented over time as new systems are added, and consequently burdened with complex backup routines and even outdated scripts that are no longer fit for purpose.
How many organisations can say, with absolute certainty, that there are no data silos or duplicate systems outside the main ‘protected area’ but still reachable from the network? How many can provide absolute assurance that every backup, live or archived, is completely clean of ‘infection’ and reliable?
Put the spotlight on detection and restore
If 100 per cent protection is not possible, what is an organisation to do to protect itself? We would not for a moment advocate giving up on using a protection service. As a first line of defence it is absolutely necessary, but multiple lines of defence are needed for robust and reliable security. The trickier you can make it for an attacker, the less likely they are to succeed. One of the first lines of defence, aside from the upfront protection and firewalls, must be threat detection. It is invaluable to know there is a problem, perhaps before it materialises into a full-blown extortion attempt, and while there is still some hope of restoring systems and evicting the attacker.
Sadly, too many organisations fail to recognise this and are punished for it. Consider the malware attack that is discovered only because an unwitting employee has an issue and needs a restore, and the IT team then finds, hours or maybe even days later, depending on how the restore has been set up, that the ransomware has reinstalled itself: it had planted itself quietly and neatly in the backup, where it sat undetected, waiting for a restore to reinject it into the business.
Proof of the pudding
None of this is idle speculation. There are examples of very serious outages from this year in every sector.
For example, about 580,000 Singapore Airlines (SIA) customers were affected by a data leak at an external firm, where details of SIA’s KrisFlyer and PPS Club reward programme members, including membership numbers, tier status and, in some cases, member names, were compromised.
Similarly, last month, a hacking group demanded US$50 million from Acer after hackers gained access to the Taiwanese computer manufacturer’s network via a Microsoft Exchange vulnerability.
In another case, data belonging to members of Malaysia Airlines' Enrich Frequent Flyer Programme was compromised over a nine-year period between March 2010 and June 2019. Personal data including Enrich member names, dates of birth, gender, contact details, frequent flyer numbers, frequent flyer statuses and frequent flyer tier levels were all compromised.
Of course, for nearly any recovery strategy, the data is only as current as the last backup taken. Every organisation has different needs, but each must weigh up a variety of factors to determine how frequently to back up, including the cost of downtime and the resources needed to bring the business back online. The answer will differ depending on your business size, the team you can dedicate to recovery, the nature of the business, the regulations you operate under and, of course, budget and critical operations.
A bank, however, would not only lose business, and therefore money; if the backup data used to recover is even just a few hours old, it is in trouble. On the other hand, a small retailer selling plants could get by with weekly backups. It’s all relative, and the only people capable of assessing the criticality of backup and recovery for your business are you and your team. What we can be pretty certain of, however, is that an organisation can’t just park its data in backup and hope for the best.
Through a robust, reliable backup and restore setup with strong malware detection capabilities, organisations have a genuine chance to protect themselves and get back up and running, malware-free, in less than an hour. However, without the combination of a front line of defence protecting against cyberattacks AND a reliable set of measures for recovery when the front line inevitably fails, no organisation has an appropriate level of protection and recovery. Now, as we head into the unknown of 2021, how does your business stand up to attack?