Story image

Businesses must focus on prevention, not rely on backup - emt

09 Apr 18

Article by emt Distribution chief marketing officer Scott Hagenus

There has been a shift of direction in the thinking of the Cyber Security Industry.

Endpoint Detection and Response (EDR), that is detecting a threat and investigating it, and Backup appear to have unusually high or disproportionate amounts of airtime. 

What happened to prevention?

In the past 18 months, security professionals appear to have given up. 

A bold statement, but when you look at the fact that security policies are pushing backup as security, it feels like an admission of a failure to protect. 

Deploying tools to monitor suspicious activity on a network is a sensible move, but not if it is at the expense of defensive technology that prevents malicious activity from the outset.

Back up is recovery, not cybersecurity. 

If files are deleted, a VM is destroyed, archives or email are corrupted, backups are used to recover them. 

The same is true for a cybersecurity incident, such as ransomware, encrypting, restricting access to or destroying files. 

Backups help to recover the files, or as a last resort payment of the ransom may allow access to the impacted files. 

However, the fact remains the malicious actors have been let through the door and possibly into every room in the house. 

A survey by Malwarebytes reports that Australian businesses are twice as likely to pay a ransom then their offshore counterparts as reported in the Financial Review (Aug 2, 2017), with 35% of the 127 businesses in Australia who responded to the survey having been impacted by Ransomware.

Backup is recovery, not cybersecurity.

The global appetite to include backup in cybersecurity mitigation strategies is distressing for two reasons:

  • Backup should be part of any business or agencies DNA.  Since the 1950’s punch card days, backups have been standard procedure, even before the digital era. Triplicate Invoice and order books with carbon copies existed for a reason. 
  • If an organisation has to fall back on backups, they’ve been breached.  This means there’s been a gap in their defence. 

Just because defences failed doesn’t mean all strategies of defence would fail.

Invariably, it means that the wrong type of defence was in place for that attack or focus has been in specific areas to the detriment of others.

The need for a solid defensive strategy.

Taking a look at physical business security, there are absolute comparisons to cybersecurity.

If installed locks are identified as inadequate or faulty, they are replaced. 

If building material presents a health hazard or fire risk, they are replaced or patched. 

Most businesses have smoke alarms, fire extinguishers or sprinkler systems installed to mitigate both external and internal risk and so on. 

Insurance premiums more often than not, are in some way tied to the level of physical security in place.

Business networks and endpoints are no different. 

If it isn’t working it needs to be fixed, swapped out or augmented.

The Australian Signals Directorate (ASD) has an excellent security guide, designed for Federal government and agencies, that is absolutely relevant to the security of all businesses. 

This should be standard reading for all security professionals and IT administrators responsible for the cyber security of their organisation.

About emt Distribution
3emt Distribution is an Australian-based value-added distributor and vendor representative with a presence in Australia, Singapore and Hong Kong. emt offers solutions that address the top four mitigation strategies to prevent cybersecurity incidents, the broader strategies in the Australian Government’s Information Security Manual (ISM) and Threat Management.

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.