Five data fundamentals to quash cybercrime
Article by Cohesity APJ head of systems engineering, Derek Cowan.
For cybercriminals, there’s never been a happier time - and for the rest of us a riskier time - than now, with constantly growing data footprints and operational disruption escalating the potency of cybercrime.
Whilst we are only through the first few months of 2022, we have already had several warnings from global and cybersecurity authorities, such as CISA and the ACSC, that this year is set to be one of the worst on record for cybercrime.
This makes sense considering our society and economy are becoming even more dependent on technology, internet access, and data, whether funding transnational logistics, buying a home, or streaming a reality TV show or football match from the other side of the world. However, we have already seen the landscape change in what is shaping up to be a turbulent 2022.
The cyber threat landscape has darkeningly expanded, with dire reports and advisories being circulated almost weekly on the increased threat of cyber-attacks - especially ransomware.
Only last month, crypto-currency analysis company, Chainanalysis reported that globally, about $US1.3 billion was made in ransomware payments in the past two years - an exponential increase from $US152 million in 2019.
Worse still, governments and cyber authorities worldwide have warned of increasing cyber-attacks on critical infrastructure facilities in the past few weeks, with countries such as Australia labelled as a key target.
There is no doubt the issue is resonating with national governments. Recently, the Federal Minister for Home Affairs in Australia, Karen Andrews, reminded citizens and businesses that the government took the issue seriously.
She stated in Parliament that “There is absolutely no doubt that our nation is facing a very clear threat when it comes to cybercrime and both business, individuals and governments need to be resolute in tackling it…”
Ms Andrew’s comments came only a matter of days after a landmark advisory from several of the Western world’s most important cyber security government authorities.
The advisory report, jointly authored by The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), The Australian Cyber Security Centre (ACSC) and The United Kingdom’s National Cyber Security Centre (NCSC-UK), should be seen by all organisations who manage customer or citizen data as a warning and call to action for the cyber threats to come.
Referring specifically to Australia, the report notes, “The Australian Cyber Security Centre (ACSC) observed continued ransomware targeting of Australian critical infrastructure entities, including in the Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy Sectors.”
However, governments and policymakers can only do so much. In this challenging environment, there is much that the public and private can do to get ahead of the challenge of ransomware and cybercrime, particularly when it comes to better governing, protecting and backing up their data.
So how can your organisation manage ever-rising cyber threats and work towards establishing greater cyber resilience? Here are five data management and protection best practices to consider implementing:
Accept & embrace your data proliferation:
Organisations had to shift rapidly to working from home as the pandemic set in and at short notice, resulting in greater data proliferation and the growth of local stores in applications or on devices that may not be visible to IT teams.
IT teams and organisations must now get a handle on all this data to adequately govern, protect, and benefit from it.
Review & revise your data policies and management approach:
Consider how you collect, govern, manage, store, protect, and back up data. With ongoing digital transformation, updates to regulations and legislation, and the integration of new technology, simply relying upon the way you’ve always managed data and your legacy data management technology isn’t enough.
Work backwards from the outcome you are looking to achieve, and reviewing your data management technology based on its next-gen capabilities, is a great place to start.
Invest in immutable backup technology:
Make sure you invest in data management technology that has immutability baked in rather than added as an afterthought. Immutable backups and their data cannot be modified, encrypted, or deleted, making them one of the purest ways to tackle ransomware as they ensure the original back job is kept inaccessible.
This means that while ransomware may be able to delete files in a mounted or read-write backup, these files cannot be mounted on an external system, and the immutable snapshot will be unaffected.
Implement Encryption and Multi-factor Authentication capabilities:
Multi-factor authentication should be implemented across and throughout your technology stack, whether it’s an end-user employee logging into their email, company intranet or internal hub, file system, or it’s your backup data being accessed.
While strong passwords with multiple criteria are helpful, they do not offer guaranteed protection, which is why multi-factor authentication is the best way to mitigate against phishing and other password hacks.
Encryption is vital in data protection and backup, and backup data should always be encrypted either at rest or in transit over a network, with AES 256-bit encryption to secure data.
The right next-gen data management technology will offer encryption capabilities that know when data ingested into backup solutions are changed, whether compressed or de-duplicated.
In addition, it will alert relevant IT or Security teams because an unplanned change is usually a red flag that a malicious act like ransomware is occurring.
Adopt the 3-2-1 rule to backups:
Under this rule, you must have at least three copies of your data, store the copies on two different types of media, and keep one backup copy offline or offsite. This simple approach means you will always have an available and usable backup of your data and systems.
Offsite and offline backups not only limit the effects of ransomware but help to maintain business continuity. When combined with the right security solutions and employee awareness training, this rule may help prevent ransomware altogether.