Figures have shown that the number of cyber-incidents are rapidly increasing. Gregg Petersen, Regional Director – MEA at Cohesity, offers insight into three signs that suggest a security posture is not up to scratch – discussing the lack of alignment between IT and security, overconfidence in recovery capabilities and equipment and talent gaps.
Businesses are under attack – daily, hourly, by the minute. Threat actors are on the move, emboldened by new digital circumstances – mass cloud migration, remote work’s renewal of the BYOD conundrum and a host of other third-party complexities.
The figures speak. In the third quarter of 2022, the United Arab Emirates saw the largest increase in the number of cyber-incidents in the Asia region – 151% compared to the same period last year, according to a report from Checkpoint. And earlier in the year, national media reports were citing a Sophos study that found 59% of UAE organisations had been hit with ransomware in 2021, up from 38% the previous year. Of course, many still pay up rather than face days or weeks of downtime. This not only encourages ransomware gangs to hit the same targets; it encourages them to up their game, encrypting backups and exfiltrating crown jewels.
Cohesity’s findings from our own recent research shed light on how we can take back control and stand tall against threat actors. Cyber-resilience has become a hot topic in the wake of pandemic lockdowns when the region’s stakeholders felt the pinch of uncertainty more keenly than ever. Wake-up calls not only forced many to reevaluate their positions on Business Continuity; they also focused business leaders’ minds on broader matters of risk posture and compliance maturity. Which brings us back to cyber-resilience.
Many have a false sense of security when it comes to attack scenarios, despite the plethora of headlines telling sad tales of those who were of a similar mindset – until hit by a costly incident, that is. We found that many businesses believed their backup infrastructure was sufficient to recover completely if attacked within the next 24–72 hours. But when we look further, a more nuanced and less comforting story emerges. Here are three signs that suggest a security posture is not up to scratch.
1. Lack of alignment between IT and security
The security team must stick to security and the IT team must focus on backup and recovery. If one considers a modern threat like ransomware, it becomes immediately apparent that this view is outdated. The two disciplines need to become one, or at least collaborate, to ensure that the organisation has a plan to recover in the event of an attack.
We found that 31% of SecOps decision-makers considered collaboration with IT to be some degree of weak and 13% of IT decision-makers agreed. But cyber-resilience is far greater when IT and security teams work together, bound by the same goals and KPIs. If they jointly take ownership of strategy and policy, looking at each through the holistic lens of the NIST Cyber Security Framework (identify, protect, detect, respond and recover), they will win more than they lose.
2. Overconfidence in recovery capabilities
We found 90% of teams thought they could recover data after an attack. We think this represents a risky overconfidence, especially in light of other findings, such as the fact that 55% see data backup as a non-crucial responsibility. Choruses of ‘not my job’ are cold comfort in the aftermath of a cyberattack. This is the opposite of the take-ownership attitude we need from a combined security-and-IT team – a team that knows where the data is, how it is protected, where the vulnerabilities lie and how to address the weaknesses. This team should also be able to recite the Path to Recovery song by heart. Better yet, aligned SecOps and IT teams can sing the song in harmony, which raises confidence among other stakeholders, not to mention business partners, investors, regulators and customers.
3. Equipment and talent gaps
Almost one-in-three (32%) SecOps and IT decision-makers described their backup-and-restore systems as some variation of antiquated. This is not good news. Older systems are tempting targets for RansomOps groups that are well-versed in exploiting the patchwork complexities that these older systems represent.
Let’s also not forget the inevitable surge in TCO as any platform nears EOL status. Recent changes in IT access have called for increased storage capacities to supporting remote workers and for the integration of legacy systems with modern ones. Such steps take more time and cost more money when working with older systems.
Meanwhile, IT and security leaders still must contend with skills gaps. And in a competitive labour market the employee experience has lately come to mean much more than salary and benefits. The entire work experience is under the microscope. Businesses that are able to offer digital tools that turn everyday tasks into child’s play will attract the best and the brightest. For IT and cybersecurity recruitment, this starts with an advanced, comprehensive backup-and-restore system rather than one that is taping up multiple punctures in a defunct tire.
As a team
In cybersecurity, confidence is everything. SecOps and IT teams working side by side can bring that confidence, but they need the best tools available to do so. A legacy relic held together with crossed fingers and wishful thinking is about as useful as a handbrake on a canoe, and just as dangerous.
Click below to share this article