Businesses must focus on prevention, not rely on backup - emt

09 Apr 18

Article by emt Distribution chief marketing officer Scott Hagenus

There has been a shift of direction in the thinking of the cyber security industry.

Endpoint Detection and Response (EDR), that is, detecting a threat and investigating it, and backup appear to be getting a disproportionate amount of airtime.

What happened to prevention?

In the past 18 months, security professionals appear to have given up. 

A bold statement, but when you look at the fact that security policies are pushing backup as security, it feels like an admission of a failure to protect. 

Deploying tools to monitor suspicious activity on a network is a sensible move, but not if it is at the expense of defensive technology that prevents malicious activity from the outset.

Backup is recovery, not cybersecurity.

If files are deleted, a VM is destroyed, or archives or email are corrupted, backups are used to recover them.

The same is true for a cybersecurity incident, such as ransomware encrypting, restricting access to, or destroying files.

Backups help to recover the files or, as a last resort, payment of the ransom may allow access to the impacted files.

However, the fact remains the malicious actors have been let through the door and possibly into every room in the house. 

A survey by Malwarebytes, as reported in the Financial Review (Aug 2, 2017), found that Australian businesses are twice as likely to pay a ransom as their offshore counterparts, with 35% of the 127 businesses in Australia that responded to the survey having been impacted by ransomware.

Backup is recovery, not cybersecurity.

The global appetite to include backup in cybersecurity mitigation strategies is distressing for two reasons:

  • Backup should be part of any business's or agency's DNA. Since the punch card days of the 1950s, backups have been standard procedure, and even before the digital era, triplicate invoice and order books with carbon copies existed for a reason.
  • If an organisation has to fall back on backups, they’ve been breached.  This means there’s been a gap in their defence. 

Just because defences failed doesn’t mean all strategies of defence would fail.

Invariably, it means that the wrong type of defence was in place for that attack, or that the focus has been on specific areas to the detriment of others.

The need for a solid defensive strategy.

Taking a look at physical business security, there are absolute comparisons to cybersecurity.

If installed locks are identified as inadequate or faulty, they are replaced. 

If building materials present a health hazard or fire risk, they are replaced or patched.

Most businesses have smoke alarms, fire extinguishers or sprinkler systems installed to mitigate both external and internal risk and so on. 

Insurance premiums, more often than not, are in some way tied to the level of physical security in place.

Business networks and endpoints are no different. 

If it isn’t working, it needs to be fixed, swapped out or augmented.

The Australian Signals Directorate (ASD) has an excellent security guide, designed for Federal government and agencies, that is absolutely relevant to the security of all businesses. 

This should be standard reading for all security professionals and IT administrators responsible for the cyber security of their organisation.

About emt Distribution
emt Distribution is an Australian-based value-added distributor and vendor representative with a presence in Australia, Singapore and Hong Kong. emt offers solutions that address the top four mitigation strategies to prevent cybersecurity incidents, the broader strategies in the Australian Government’s Information Security Manual (ISM) and Threat Management.
