Boosting cyber resilience when the odds are stacked against you
2020 exposed gaps in our ability to trust information, ignited cloud migrations, and put overburdened security teams under more strain. In 2021 we must focus on the danger areas.
Over the last few months, the pandemic has presented many challenges for businesses attempting to work securely in a changed world. Disinformation confounds decision-making, ransomware is targeting our healthcare systems, and insider leaks continue to rise, despite increased adoption of privacy laws around the world.
One of the most pressing security challenges, of course, was the unexpected but necessary overnight transition to working from home. According to a recent study published by Webroot, there has been a 40 per cent increase in unsecured remote desktop protocol machines because of the dramatic shift to working from home. There has also been a 2,000 per cent increase in malicious files with "Zoom" in their name.
Although not an entirely new concept, many organisations were not prepared for this mass shift to remote working. In the race to ensure that employees had the tools required to continue to do their jobs effectively while also making budget cuts, many businesses ended up putting cybersecurity on the back burner and underfunding it. In fact, according to recent research, 85 per cent of CISOs sacrificed cybersecurity in order to set employees up to work remotely.
To make matters worse, this new remote landscape has increased the attack surface drastically. Improperly secured networks and connections, as well as the use of personal, unauthorised devices for work, are leaving the door open for increasingly effective cyber-attacks.
With the government implementing a 'tougher' tiered system for the foreseeable future, many employees won't be returning to the office for quite some time and this security problem is likely to continue. So how can businesses protect themselves when the odds are stacked against them?
Cyber resilience AND cyber security
As the saying goes, when it comes to cyber-attacks, it's not a case of if your business will fall victim, but when. The necessary transition to remote work has only validated this statement even further - with businesses facing increased risks and more attempts to infiltrate their networks and access their sensitive data than ever before.
The question is no longer how to keep bad actors at bay; it's how to recover and keep operations going in the face of an attack. After all, the cost of a breach goes beyond any initial lump sum payment demanded by those behind the attack. It can also drastically impact a business in terms of downtime, lost productivity, and reputation.
Whilst every business has some sort of cyber security in place - whether effective or not - the real focus should be on cyber resilience. Cyber resilience is all about an organisation's ability to bounce back from an adverse event and return to 'business as usual' as quickly and painlessly as possible. It starts with the ability to detect a breach and incorporates everything required to ensure business continuity, whilst removing the threat.
For those that do have a resilience strategy in place, it is often compartmentalised, treated as a separate entity to any security frameworks or policies. However, there is more value to be gained when cyber security forms an element of a wider cyber resilience strategy. It is only then that businesses can protect against the inevitable and mitigate any potential damage that a breach might cause.
A more resilient future
To avoid being affected by a compromise, businesses first need a cyber resilience strategy that can identify threats in real time and neutralise them before they can do any damage. Secondly, businesses need to be able to recover systems and data quickly, to ensure continuity of operations in the event any given attack takes hold. In order to achieve this, there are several steps organisations can follow:
- Prepare. Prevention is always better than a cure. To prevent cyber attacks, you need a multi-layered approach to cyber resilience which includes technologies, people and processes. Employees need to understand the wide range of cyber security risks which exist today, including the various ways a breach could take place given the recent changes to working habits. Businesses need to put in place comprehensive security policies and provide training to ensure that every person - from CEO to intern - knows what is expected of them.
- Protect. Anti-virus and firewalls are no longer sufficient to meet today's threats. Visibility into network and endpoint activity, email and content security, multi-factor authentication and identity management all factor into securing distributed networks. Businesses must also ensure that these layers act in concert, automating as much as possible. Whether it's basic security software, such as firewalls, or more sophisticated tools like endpoint detection and response solutions, each element must work together to protect the business as a whole.
- Absorb. This step is all about durability should an attack breach the initial wall of defence. Adding solutions such as content management platforms and cloud collaboration tools into the mix can help organisations achieve resilience. They allow data to be quickly isolated and quarantined whilst other systems remain available - ensuring the business can continue operating whilst the threat is managed.
- Respond. Stakeholders should all know their role when a breach happens, before it happens. InfoSec, IT, HR, public relations and legal departments as well as the C-suite all have roles to play. Tabletop exercises should be conducted to reinforce roles and work out any uncovered shortcomings in the plan. Incident response technology or managed service contracts should be in place and ready to go when the inevitable breach occurs. The better your response plan, the better your ability to achieve the final two steps of this framework.
- Recovery. Effective data back-up and recovery models will help businesses to restore stolen data or repair services damaged by an attack. These are particularly useful tools in the case of ransomware attacks, where important data being stolen or made unavailable can completely stop a business from operating.
- Adapt. In order to prepare for whatever comes next, businesses need to ensure that their cyber resilience strategy can automatically adapt to combat the latest threats. Network and security solutions that leverage up-to-the-minute threat intelligence will prove essential moving forward. In the more advanced cyber resilience solutions, AI-assisted analytics can even be used to capture all breach data to improve the way that businesses react in the future.
As we look ahead, some things are abundantly clear. First, we know remote work environments will be the new normal. Attackers will look to exploit weaknesses, like less secure personal devices and home Wi-Fi. They will continue to thrive in a high-uncertainty environment.
Disinformation will be a persistent threat, and ransomware will continue to plague the operations of organisations large and small.
With the threat landscape only set to grow in the coming months, businesses need to act now to ensure that they can protect themselves in the long term. That means taking a proactive approach that includes training, technology solutions for detection and response, simulations and ongoing testing, and finally back-up and restoration solutions, should the worst happen.
2020 exposed gaps in our ability to trust information, ignited cloud migrations, and put even greater strain on already overburdened information security and digital forensic teams. In 2021, these are the challenges that will receive the most attention.
Anthony Di Bello is VP strategic development at OpenText