Guest Blog by Rob Westervelt, Research Director, Security Products, IDC (Twitter: @rwestervelt)
Cybersecurity practitioners face mounting pressure to defend critical data from internal and external threats and to ensure regulatory compliance obligations are met, all while struggling to adapt their security infrastructure to the distributed nature of the corporate network. Budget resources are finite, and allocating those resources to create a cohesive and effective security program increasingly requires security teams to enlist operations personnel and data owners not just to follow security policies but to add data governance policy enforcement to their list of responsibilities.
There is no better threat to illustrate the need to enlist non-IT security personnel in data and cyber protection than the longstanding ransomware attacks that have hamstrung hospitals and healthcare providers, brought state and local governments to a grinding halt, and forced some manufacturers to temporarily halt production. A CISO at a consumer goods manufacturer described the havoc ransomware caused to the company and the costly disruption that continues to this day. A lack of basic security hygiene and poorly managed secure file transfer software enabled an employee to open a malicious file attachment, spreading the SamSam ransomware as a result. The outbreak took minutes. Production came to a grinding halt, back-end systems and servers were brought offline, and systems containing valuable intellectual property were subsequently encrypted and held for ransom. The problem grew even worse when a consultancy brought in to investigate and clean up the mess discovered that the manufacturer's outdated “secure” backup and recovery solution had also been infected. The response team scrambled to recover using old tape backups. The amount of IP lost was astonishing. Senior management even reached out to former employees to try to piece together lost formulas. What the CISO described was a real nightmare.
Another common problem expressed by CISOs and other IT security practitioners in the past has been the checkbox compliance mentality at some organizations when it comes to data protection. Regulatory compliance is an important way for the public to ensure a set of minimum standards is in place to reduce the risk to personally identifiable information. Today, compliance requirements continue to drive data protection technologies such as encryption, tokenization, data loss prevention, and file access monitoring and alerting. But ransomware, and the chaos and costly disruption it causes, has helped senior management see the value of investing in strong backup and recovery, hardened endpoint security software, and mechanisms such as user and system behavioral analysis to spot anomalous activity and provide the context necessary for security to rapidly investigate and contain potential threats.
Security must be cohesive to bring risks to sensitive data down to acceptable levels. Furthermore, security teams should work with operations personnel to assess backup and recovery plans and architectures and modernize them to address system redundancy and failover, providing the organization with an integrated cyber protection strategy. This includes developing an ongoing schedule to test regular backups, considering the best practice of keeping additional backups stored offline, and ensuring that backup solutions are backing up data at an acceptable interval, such that any information made inaccessible can be restored if necessary.
Personnel involved in backup and recovery are an essential part of a data triage team because they understand established business processes and typical workflows and can assist in identifying risks. Maturing a security program takes time and cultivation. Building a cohesive security program requires integrated technologies, but organizations can't ignore the fact that people are an essential ingredient for an effective program.