We asked industry experts what is the consequence of organizations continuing to underestimate the level of damage cyberthreats can do and what can be done to avoid this situation? Here are their responses.
Anthony Daniel, Regional Director – Australia, New Zealand and Pacific Islands, WatchGuard Technologies
Despite widespread media coverage of damaging cyberattacks that occur on a seemingly daily basis, many organizations are yet to take the steps required to secure their IT infrastructures.
In many instances, the attitude of ‘it can’t happen to me’ means investments are not made or tools put in place that could lower risks and ensure damages are reduced should an event occur. Often, these organizations don’t change this stance until they actually fall victim to an attack.
This attitude is particularly troubling when you consider the current level of cyberthreats that exist. According to the recent WatchGuard Q4 2020 Internet Security report, more than 60% of malicious files are zero-day malware. This means these files can’t be detected by signature-based protections and could remain within an infrastructure for an extended period.
The report also found that, although the number of unique ransomware payloads dropped by almost half during 2020, the malware that is spreading is much more sophisticated.
Concerningly, cryptominers are back on the rise, following a lull in 2019. Research has found unique variants have climbed more than 25% year-on-year and reached 850 types during 2020.
As well as causing significant disruption to business operations, a successful cyberattack can damage an organization in other ways. Media coverage of the incident can inflict brand damage and discourage customers from transacting. If sensitive data is lost, there could also be regulatory consequences.
Leaving the deployment of a security infrastructure until an attack has occurred can be costly in other ways. Once the decision to deploy has been made, an organization is likely to be faced with a requirement to make a significant up-front investment.
Taking a proactive approach
To reduce the likelihood of falling victim to a cyberattack, an organization should undertake a proactive strategy that puts required tools in place and educates staff about the risks being faced.
In this way, the need for a large one-off investment is removed as costs can be incurred over time. There will also be more opportunity to carefully consider alternatives and implement those which are the best fit for operations.
Being proactive also ensures that the organization is best prepared when new threats emerge. Working with their chosen security vendor, it’s possible to quickly augment existing protective measures and ensure they can withstand new styles of attack.
Above all, an organization should clearly communicate to all its staff that IT security is not something that is the sole responsibility of the IT department. Each and every staff member needs to understand they also have to be on the lookout for threats and avoid activities or behaviors that might increase the chance of an attack succeeding.
Continuing to underestimate the level of damage that cyberthreats can cause is short sighted and could caused significant damage. Taking steps now to put in place suitable layers of protection could help to avoid this damage in the future.
Shiva Pilay, Senior Vice President APJ at Veeam Software
It is no longer a case of ‘if’ businesses will fall victim to cyberattacks but ‘when’. Cybercriminals are well versed in exploiting weaknesses in enterprise IT systems and organizations that underestimate them risk data loss, financial loss and often irreparable damage to their business’ reputation.
Understanding these risks and proactively implementing prevention measures will go a long way to guaranteeing the safety of your critical data.
The damage cyberthreats can inflict upon organizations is staggering. There is no silver bullet for protecting against ransomware attacks and organizations have seen the full force of its impact in recent years. Veeam’s 2021 Data Protection Report revealed that 82% of organizations feel that they have an issue with recovering applications in time. When fundamental operations are disrupted, organizations find their hands tied and their capabilities lost to customers, putting their money and reputation at risk.
The best way to avoid this situation is prevention.IT leaders can follow these three steps to ensure their organization is armed with the fortification it needs to stave off potential attackers:
- Implement Encryption: Data encryption gives your organization the upper hand when your data is compromised. Encrypting backups prevents unauthorized access to backup files, rendering them useless to a party without the decryption password. This ensures that your organization’s private data is always safe, even if an attacker gets past the firewall.
- Implement infrastructure: Critical systems should be protected by toolsets that provide secure remote access, enable multi-factor authentication and allow least privileged access. The more secure barriers there are to entry, the stronger your data protection will be. Controlling access is crucial.
- Be ready to remediate: Hacks are inevitable, so your organization must be prepared to remediate a threat if introduced.
The first step to remediation involves tapping into your backup vendor partner’s expertise and resources. Leveraging IT partnerships can fill the gap between your configured solution and what might be missing, taking the burden of protecting your data off your shoulders.
Secondly, your organization should have an internal strategy that outlines a communication plan and identifies who is responsible for critical decisions, such as making a call to restore data, when recovering from a disaster. A list of security, incident response and identity management experts will help enable swift contact and action should their resources be required.
Finally, do not pay the ransom. The only option is to restore data. Implementing a full backup and Disaster Recovery plan gives organizations the ability to recover data in an attack, minimizing the risk of financial and reputational damage.
Ultimately, cyberthreats will exist as long as there is data to steal. Preventative measures are the best way to fight ransomware and avoid data loss, financial loss, business reputation damage and more. By implementing these strategies, organizations can learn where threats lurk and build a resilient IT environment that mediates risks and gets organizations back up and running as fast as possible.
David Friend, Founder and CEO, Wasabi
Why do so many companies underestimate such risks? A 2019 YouGov survey indicated that 66% of companies with fewer than 500 employees didn’t believe they would fall victim to a cyberattack, and that just 9% of businesses surveyed ranked cybersecurity as their top business priority. Such stats clearly demonstrate that there’s an education gap that needs to be filled across industries to elevate the importance of this issue.
The fact that the enterprise doesn’t perceive the risk of ransomware to be a priority is at odds with the amount of damage that ransomware is doing to businesses. In the UK, nearly 60% of companies struck by ransomware end up paying their attackers, with the average ransomware payout being US$84,116 in Q4 2019.
Payouts are just the tip of the iceberg. As ransomware locks users and organizations out of their data, business operations can quickly be shut down for days or weeks, which could risk the livelihoods of many. When you look at the damage done to regular business activity by way of ransomware, it’s easy to see why companies are tempted to pay up – in 2020, IBM estimated that downtime from data breaches cost the average company US$1.52 million worth of lost business and before the pandemic, the total cost to business operations inflicted by ransomware attacks globally was projected to be US$11 billion.
In the end, computers and other hardware can be replaced, but in the vast majority of cases, lost data represents the product of countless man-hours of work, which cannot be replaced without huge expense. If enterprises want to offset this risk, they must first and foremost develop a rigorous data backup strategy that diversifies where they store their data to spread risk. Backups are a vital part of any organization’s IT strategy and ensuring multiple redundant backups are available helps to reinforce organizational resilience to cyberthreats.
At a minimum, IT decision-makers should be keeping three different backup copies of the same data, with two on different media formats and with one of those kept off-site – what the storage industry calls the 3-2-1 rule. Keeping a backup off-site is key as it allows organizations to ‘air-gap’ backups from one another, enabling greater data protection and security through physical distancing.
A hybrid cloud strategy can also be of huge benefit when tackling cyberthreats. By combining an on-site dedicated storage system for local backup and setting it up to synchronise with a cloud backup service on a regular basis, data continuity is maintained and the risk of disruption knocking out all sources is significantly decreased. It’s also a good idea to have your data stored in different vendors’ systems so that hacks or even software bugs in one system don’t risk data loss globally too.
Click below to share this article