Op-Ed: Why effective IT security isn’t possible without detection and recovery capabilities

The danger of falling victim to a cyber security attack is growing as bad actors become increasingly sophisticated. Interpol has highlighted how COVID-19 affected both the number and nature of cyber attacks during 2020, and notes “vulnerabilities related to working from home and the potential for increased financial benefit will see cyber criminals continue to ramp up their activities and develop more advanced and sophisticated modus operandi”.

Building walls is not the answer

The natural reaction to such worrying news is to seek protection and build the walls, and there are plenty of firms out there whose livelihood depends on providing just that. The best of them do a grand job, and their regular threat reports indicate just how many attacks they defeat.

But let’s not kid ourselves. No organisation can ever ensure 100 per cent protection from an attack. Especially when those attack types are changing faster than most firms update their defences. Data often sits in too many locations, some forgotten by the user, and ultimately too many areas like this are likely outside those protected by upfront protection, scanning services and threat intelligence. Even some approaches to data backup and restore systems can be somewhat haphazard, augmented over time as new systems are added, consequentially with complex backup routines and even some outdated scripts that are no longer fit for purpose.

How many organisations can say, with absolute certainty, that there are no data silos or duplicate systems outside of the main ‘protected area’ but with accessibility to inside the network? How many organisations can provide absolute assurance that there are no backups, live or archived, that might not be completely clean of ‘infection’ and are reliable?

Detection and restoration is vital

If 100 per cent protection is not possible, what is an organisation to do to protect itself? We would not for a moment advocate giving up on using a protection service. As a first line of defence it is absolutely necessary, however multiple lines of defence are needed for robust and reliable security.

The trickier you can make it for an attacker, the less likely they are to succeed. One of the first lines of defence, aside from the upfront protection and firewalls, must be threat detection. For you to know there is a problem, perhaps before it materialises into a full-blown extortion attempt, and with some hope of restoration and kicking out an attacker, is invaluable.

VIEW ALL

Sadly, too many organisations fail to recognise this and are punished. Consider the malware attack that’s discovered because an unwitting employee has an issue, needs a restore, only for the IT team to find, hours – or maybe even days later, depending on how the restore has been set up – that the ransomware has reinstalled itself, because it had planted itself quietly and neatly in the backup where it has sat, undetected, just waiting for a restore to reinject itself back into the business.

Recent attacks

None of this is idle speculation. Look at any sector and there are examples of recent and very serious outages.

During 2020, the Northern Territory government was forced to close down one of its corporate IT systems for three weeks after a provider of its cloud-based systems fell victim to a ransomware attack. The systems were restored from data backups and the government emphasised that the integrity of data was not compromised by the attack.

Also during 2020, logistics firm Toll Group was hit by ransomware attacks twice in three months. The company responded by shutting down a number of IT systems, which had an immediate detrimental impact on customer-facing applications.

Of course, for nearly any recovery strategy, the data is only as current as the last backup taken. Every organisation has differing needs, but each must weigh up a variety of factors to determine how frequently to backup, including the cost of downtime and the resources needed to bring business back online. Depending on your business size, the team you have to dedicate to recovery, the nature of the business, the regulations you operate in, and of course budget and critical operations, it will differ.

However, for a bank, they could not only lose business, and therefore money, but if the backup data used to recover is even just a few hours old, they are in trouble. However, a small retailer selling plants could get by with weekly backups. It’s all relative and the only people capable of assessing the criticality of backup and recovery for your business is you and your team. What is a niggle for some businesses is frontpage news and a CEO firing for another.

But what we can be pretty certain of is that an organisation can’t just park its data in backup and hope for the best.

By having an up-to-date, comprehensive data backup strategy and effective malware detection tools in place, Australian organisations will be as well placed as possible to withstand the threat of ransomware attack in the coming year. Make checking your cyber defences a top priority in 2021.

Derek Cowan is the head of systems engineering, ANZ at Cohesity.