In the nearly two decades since the U.S. President and Congress declared October Cybersecurity Awareness Month, online threats and successful digital breaches have skyrocketed. Individual hackers have been replaced with highly trained organizations as the primary perpetrators of attacks that increasingly employ “sophisticated tools, such as artificial intelligence (AI), machine learning (ML), and automation,” according to a recent McKinsey trends report, “to expedite the attack life cycle, from reconnaissance through exploitation.” Here are four things organizations that are fighting back can learn from bad actors’ inventiveness.
Be proactive
This year’s campaign, “See yourself in cyber,” from the U.S. Cybersecurity & Infrastructure Security Agency (CISA), shines a spotlight on how much infrastructure and data security depends on people. Cybercriminals regularly set targets and launch attacks. Those of us on the receiving end must always be actively working to counter them. For enterprises, that means improving existing education and training plans for employees, as well as adopting new technologies such as ransomware recovery that embed security and recovery capabilities. For example, Zero Trust security principles such as multifactor authentication (MFA) and least-privilege access combined with AI-driven insights to spot behavioral anomalies that can indicate a ransomware attack.
Put operational collaboration into practice
Bad actors are benefiting from working together, as evidenced by increasing ransom payouts. In 2021, an insurance company recorded the largest ransomware payout—a world-record setting $40 million—to a group called “Phoenix.” Enterprise teams can benefit from teaming better together, too. A recent Cohesity research study revealed that while most IT and security operations (SecOps) decision-makers believe they should jointly share responsibility for their organization’s data security strategy, many of these teams are falling short when it comes to collaborating to address growing cyber threats. Among respondents believing IT and security collaboration is weak, nearly half say their organization is more exposed to cyber threats. Modern data management solutions, such as integrated Cohesity with Cisco SecureX, help put operational collaboration into practice by allowing DevSecOps professionals to work together to share information in real time. This not only reduces risk, but builds in resilience to protect critical enterprise and government infrastructure.
Build resiliency in from the start
Cybercriminals always have a Plan B. If one company doesn’t pay, they move to another and another until they find one that will. Enterprises should also have a Plan B in case of the worst-case scenario. This enables them to rapidly recover all of their data in the event of a ransomware attack, natural disaster, or unintended human error. Recognizing the importance of getting back to business fast, the New York Department of Financial Services (NYDFS) recently proposed amendments to strengthen its cybersecurity requirements. The notable additions and extensions include business continuity, audits, vulnerability assessments, access controls, and privileged users. Specifically for backup data, big financial firms must have backup systems and procedures, practice their ability to recover, and maintain a copy of the backup data that is isolated from network connections. In addition, for business continuity, they need to establish proactive recovery measures to minimize disruptive events, procedures for the maintenance of backup systems, and the backup of data that is critical to operations.
Adapt quickly
When a “patch” becomes available to wide-spread ransomware, cybercriminals adapt and invent to ensure they maintain a revenue stream. Enterprises must do the same. For example, in response to the recent “Shields Up” warning from CISA urging companies to better prepare for existing and future threats, the guidance included several recommendations for backup and recovery such as “ensure that backups are isolated from network connections.” Typically, this would be done by moving backup data to tapes and storing them at an offsite location. Now, this can quickly and easily be accomplished with a data isolation solution based on a virtual air gap that allows organizations not only to protect their data but also meet new, more aggressive application owner Recovery Point and Recovery Time Objectives (RPOs/RTOs).
If you don’t see yourself as part of the cybersecurity solution, we can help. Learn more about data security and management in our first annual report, “The State of Data Security and Management.”
