Cybersecurity team

(Source – Shutterstock)

Why cybersecurity has to be a team sport

Article by Joe Ong, Vice President and General Manager, ASEAN, Hitachi Vantara

The cybersecurity landscape is constantly evolving along with advancements in technologies, and recent developments in artificial intelligence (AI) have muddied the waters even further. Generative AI such as ChatGPT, for example, can be harnessed to write malicious codes which can be wielded as weapons to infiltrate private systems. Any sharing of sensitive data with an AI chatbot is also prone to leaks or potential misuse by a third party.

Threat actors are taking advantage of the new wave of technology advancements to target and exploit vulnerabilities. Organizations need to ask if they are doing enough to prepare themselves for these challenges, which will inevitably escalate as innovation progresses, and if they have a coordinated plan of action to protect themselves.

In 2022, the Asia-Pacific region continued to be the most attacked region for the second consecutive year, accounting for 31% of all incidents remediated worldwide. According to IBM’s latest X-Force Threat Intelligence Index, cyber attackers are taking less visible and more insidious routes. Malware that allows remote access to systems, such as backdoors, was the top attack method (31% of cases), followed by ransomware (13%). The manufacturing sector was the most attacked in the region with 48% of cases, followed by finance and insurance with 18% of cases.

There are various strategies we can deploy to build ransomware readiness and resilience, but in order to tackle external threats properly, an organization must work as one coordinated unit. Or to put it another way, cybersecurity should be a team sport.

Begin by focusing on the basic categories

While the cybersecurity challenge has become increasingly complicated and difficult to manage, we can look at tackling the biggest security challenges today in three categories: data protection, people, and business continuity.

For data, the prime issue is to keep it safe, preserve its quality and be prepared to make it readily available in the aftermath of an attack. On the topic of people, this has to do with creating the proper mindset and culture, so that the people who matter are aware of the risks and perils of a likely ransomware attack. Concerning business continuity, the issue is about striking a balance between the ongoing running of the business and delivering effective security. There is a natural tension between the two: security practitioners are often expected to solve security concerns ‘in flight’ because the business cannot afford to pause key operations.

Joe Ong, Vice President and General Manager, ASEAN, Hitachi Vantara

Prevention is better than cure

To address the threat, companies should look at resolution through the lens of methodology, technology and culture, or, perhaps to put it more simply, through people, processes and technology. It is and always has been a multi-layered approach to holistically achieving prevention. In countering ransomware, nothing is likely to beat hard work. If you rehearse and rehearse prevention and disaster recovery, at the end of the day, the good habits will become deeply ingrained and as natural as muscle memory.

It does not pay to pay a ransom

Paying for ransomware recovery is not a strategy. Nor is insurance, for that matter. Rubrik Zero Labs found that only 16% of organizations recovered all data via attacker decryption tools after paying ransomware demands. The rest will have their data partially returned. Hackers do optimize their business by selling data on the dark side after they have been paid the ransom. This proves the point further that neither payment nor insurance can mitigate reputational damage nor prevent customer or client data from ending up on the dark web. Instead, there is a need for better readiness and resilience in the data center landscape with multiple escape routes.


 Best practices to adopt

Many CIOs agree that preparation and repetition are some of the best practices that can be implemented. Training exercises that are targeted and focused are the best approach. These should include mock attacks and exercises that demonstrate to organizations that they are capable of recovering data and should also include the involvement of important stakeholders such as key suppliers.

An interesting practice is to rethink the language we use to describe these events. “Disaster recovery,” for example, has a negative connotation. It is better to use “business continuity” which is both positive in outlook and speaks directly to the non-technical business leaders who need to champion the best efforts of the cyber teams. In other words, language also matters.

The goal is data and backup

Hackers target data and backup systems as these systems typically will contain sensitive information or valuable assets. By compromising data and backup systems, hackers can steal confidential information, disrupt operations by stopping applications, or demand a ransom to restore access to the data.

This can give hackers the best starting point for negotiation. Therefore, organizations need to implement strong security measures and backup strategies to protect their data and systems from potential attacks. This includes implementing encryption of sensitive data, immutable capacity, regularly backing up data to secure off-site locations, using digital twin technology, and implementing access controls to limit unauthorized access to backup systems.

cybersecurity team

Paying for ransomware recovery is not a strategy. (Source – Shutterstock)

The safety net against ransomware attacks

It is imperative to get the basics right in IT. The backup solution at the end of the chain is your last safety net, but there is much to get in place before then. There needs to be a focus on mitigation rather than recovery with a holistic view of an organization’s ransomware strategy. Let’s face it, the cost of a ransomware attack is so enormous that mitigating that risk with a well-prepared solution that can repel attacks makes sense every way you look at it. This is possible with a modern, elegant approach to data and a second layer of immutable storage to protect your most vital data assets.

Having escape routes

Modern data protection techniques can provide ransomware mitigation that helps organizations guard their data assets. It orchestrates the replication between on-premises, near-cloud, as well as public clouds to provide backups of the data. By creating an immutable storage environment with object storage, critical copies of data are “locked down” either in the near cloud or public cloud to ensure that ransom attacks do not encrypt your data and lock you out.

Ultimately, to be more effective, cybersecurity relies on the efforts of multiple specialists of every kind – from Chief Information Security Officers (CISOs) to network systems administrators, cloud experts, and more – working together in unity to achieve success. It takes a well-orchestrated team to avoid the pitfalls of cyberattacks.

To take the first steps, organizations and businesses can start by focusing on the three basic categories: using a suite of modern data protection solutions to keep data safe, instilling the right mindset and culture, and balancing business continuity with security. By doing so and encouraging a team-first approach, organizations will be much better able to guard against cyber threats.

The views in this article are those of the author and may not reflect the views of Tech Wire Asia.