This week’s blog features an article from our partners at Arcserve about choosing and implementing the best cyber resilience solution for your business.
You’re at risk from ransomware attacks no matter the size of your organization. In a recent survey, an astonishing 80 percent of 1,100 IT and OT pros said their organization had already experienced a ransomware attack, with 52 percent paying a ransom of at least $500,000. Pervasive is the word DCIG President and Founder Jerome Wendt uses to describe the ransomware epidemic in his recent Technology Report, “Identifying and Deploying the Right Cyber Resilience Solution.”
The report also says the inevitability of a ransomware attack and its devastating impacts make complacency a risky option. The recommended response? Put a combination of cybersecurity and cyber resilience technologies in place that work together to defend against ransomware.
Start With Cybersecurity
The report suggests that a zero trust cybersecurity approach is an excellent first step in bolstering your defenses. Zero trust controls access to your corporate IT systems and digital assets using technologies including multi-factor authentication (MFA) and role-based access controls (RBAC) to authenticate system and user access. Cybersecurity technologies like antivirus software and firewalls are also crucial to your defenses.
To help clarify the differences between cybersecurity and cyber resilience, here is the definition of cybersecurity from the Cybersecurity and Infrastructure Security Agency (CISA): Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.
Cyber Resilience Goals: Augmenting Cybersecurity
The DCIG Technology Report explains that cyber resilience technologies differ from cybersecurity solutions in that they reduce and mitigate your organization’s risks when a ransomware attack occurs. The critical criterion for cyber resilience solutions is the ability to withstand an attack and let you continue to operate, potentially in a degraded state.
Here’s the definition of cyber resilience from the National Institute of Standards and Technology (NIST): The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.
The DCIG report outlines four goals that cyber resilience products should meet to be worth considering.
Anticipate a Cyberattack
Since it’s clear you’re going to be attacked by ransomware at some point, you need to be prepared. The report says that there are three approaches to doing so:
- Use third-party cybersecurity providers to monitor and send alerts regarding ransomware attacks
- Monitor your hardware and network resources for unusual or suspicious activity yourself
- Regularly scan and analyze your data for ransomware
Ultimately, monitoring is the linchpin of preparation.
Withstand a Cyberattack
Again, given that you’ll likely experience a ransomware attack—and understanding that you may not detect an attack for hours, days, weeks, or even months—the report says you need to put software and technologies in place that can withstand both overt and covert attacks.
The report notes that overt attacks are in some ways better than covert attacks in that they cause immediate disruptions to IT and business operations. For these, you need cyber resilience software and technologies that help you survive and continue operations when the incident occurs. The suggestion is to either take these systems offline or air gap them to keep them secure. Since you may not discover an attack for some time, you also need cyber resilience software and technologies that continually protect themselves, securing and monitoring all activity on your systems.
Recover From a Cyberattack
Even if you do everything from the report that we’ve covered so far, you may still become a ransomware victim. So you need to configure your cyber resilience solution to place the right data on the right storage media to meet your recovery objectives. Fast recovery media options include cloud, disk, flash, tape, or a combination of these. And you need to test your recovery processes so you know you can respond to both covert and overt ransomware attacks.
Continuously Adapt to Change
IT environments are constantly changing, often without anyone considering the impacts on your cyber resilience solution. That’s why the report points out that, for your cyber resilience strategy to be viable, you need to monitor and track changes to your IT environment—and update your cyber resilience solution whenever these changes make it necessary.
Data Protection and Disaster Recovery Plan Viability
The report refers to the NIST cyber resilience definition as your guideline, but it’s also worth looking at the NIST publication Developing Cyber-Resilient Systems: A Systems Security Engineering Approach.
The DCIG report suggests you get answers to these questions when considering data protection software and technologies:
- What measures do these products take to anticipate attacks?
- How well do they withstand attacks?
- How quickly can they recover and bring production systems and data back online?
- Do the software and technology meet your disaster recovery (DR) objectives?
Key Data Protection Features
The report adds that these critical data protection features should be included in your chosen solution:
- Restrict and monitor access by authenticating users with RBAC and MFA
- Monitor and log all user actions and validate and authenticate any changes or deletions to backup schedules or data
- Consider requiring a second user to authenticate critical actions like unscheduled deletions of backups
- Perform forensic analysis of backups, with the ability to scan backup data for unusual data change rates and the presence of ransomware
- Store backups in an immutable format so they can’t be maliciously deleted or encrypted
There’s a difference between cybersecurity and cyber resilience. Cyber resilience focuses on how to withstand and recover from a cyberattack. Of course, your first goal as a business would be to prevent a cyberattack altogether, but you still need to be prepared in case it does happen. That includes around-the-clock IT monitoring and data recovery plans.
Computers Nationwide has an excellent suite of services that can help your business achieve cyber resilience. CN offers Cyber Security, Security Awareness Training, as well as Managed IT services that include network monitoring and alerting, service dashboards, and insightful reporting in order to keep your business safe and secure while you focus on running your business.