The last five years have been turbulent for the information technology industry. As technology has become more advanced and ubiquitous, so have the threats facing the industry. To counter these threats there are a multitude of security services and technologies, presenting a myriad of options for modern businesses. This can be overwhelming for those who are unprepared.
The scale of attacks facing the information technology industry has increased considerably in recent years. Organizations no longer only worry about lone hackers and insider threats. Instead, a wide range of threats now face modern businesses, such as data breaches and Data hijacking attacks. According to StatistaIn 2021, the average downtime spent recovering from a ransomware attack was Estimate be older than 20 days. Meanwhile, there are significant financial penalties for organizations found to have been negligent in their data protection duties following breaches.
This rise in threats has also been driven by the ease with which attacks can be carried out, such as through the use of illegal hacking services offered on the dark web. Although there have been some high-profile arrests, these have not been as frequent as the rise in cyberattacks. “No one is being punished in court,” observes Brad King, chief technology officer for Scale. “You can stop murderers by putting them in jail, but when those people [hackers] eventually they get caught, they will be locked up, and six months later they will do the same thing again. “
After several high-profile attacks, such as the WannaCry ransomware attack on the NHS in 2017, which received significant media coverage, awareness of the threats posed by bad actors has increased. People outside the IT industry are much more aware of cyberattacks and are therefore demanding that more be done to protect their data.
Decision-making driven by fear
All of this has combined to create an atmosphere of fear within the information technology sector. Limited IT budgets mean that the threat posed by malicious actors is no longer funneled into proactive preparations, but into reactive responses. “The IT industry is reacting to a lot of misinformed noise,” says Alex McDonald, EMEA president of the Storage Networking Industry Association (SNIA). “What we’re trying to do is make sense of what people want: they want cost-free security that’s infinitely flexible.”
The focus on reactive responses has been compounded by the technological arms race between security teams and hackers. Hackers launch a new form of attack, against which cyber security teams develop a new defense, making hackers adapt. As a consequence, there are many new technologies on the market, which organizations may feel compelled to purchase for scenarios “just in case.”
Therefore, end users run the risk of being overwhelmed by the number and variety of security products available. This has as much to do with the marketing of a product, driven by vendors competing with their market rivals in a saturated industry, as it does with the range of products available. Therefore, for suppliers to stand out in such an environment, there is a temptation to overemphasize their products.
Therefore, it is necessary for end users to take a pragmatic approach in their purchasing strategies, considering their profile of threats and potential vulnerabilities. “It’s about managing a balance between risk and reward, around the assets that are important to an organization,” says Paul Watts, a distinguished analyst at Information security forum (ISF)
Enterprise networks are much more complicated now than they were before. This, in turn, has made securing them more challenging, especially given their greater reach and greater accessibility to data. “You have your web servers, data servers and these things interact,” says King of Scality. “There is no such thing as a system that can just jump into yesterday morning’s backups.”
Prepare, instead of reacting
Before making any purchase, it is necessary to obtain a complete understanding of the networks that will be supported and the data flow through all of them. This analysis will allow an easier selection of appropriate security technologies to meet relevant security demands.
Such an analysis should include the projected growth of an organization’s network, because being trapped in a security service that does not allow for growth could quickly become a limiting or limiting factor.
This information can be part of a purchasing plan, allowing organizations to accurately estimate their anticipated purchases. It also reinforces an important notion that security is no longer an IT issue, but a business issue. Therefore, this gives more flexibility to the IT budget, allowing for better long-term and strategic planning.
Another side effect of the spread of fear is that much of the focus is on the fear of being hacked. So while many seek to identify and block potential malicious actors, there is a tendency not to consider the potential ramifications of being hacked.
In many ways, it is almost a given that organizations will be hacked; and the bigger they are, the bigger the target becomes. Detecting and blocking piracy is important, but equally, there needs to be preparations for what happens when there is an attack and how lost data and network functionality can be restored in the later recovery phase.
“Everyone can do backups, but can anyone do the restore?” says King. “It’s about recovery.”
Experience, not just education
A solid disaster management plan, formulated with the elicitation of experts and tested for unforeseen problems, will be invaluable in enabling rapid data recovery. Having the appropriate recovery scenarios in place allows organizations to have advanced preparations for the necessary responses they need to take as soon as an attack occurs. Good practices can be reinforced by conducting simulated disaster scenarios, such as a data breach or distributed denial of service (DDoS) attack, allowing IT teams to gain practical experience in a network attack and how respond in the worst case. .
However, the preparation of a suitable security strategy document requires an author or authors with the appropriate training and experience. “I’m looking for knowledge, experience and a reputation,” says Watts of the ISF. “There are a lot of people in the market who have his credentials. You can swallow the textbook, but applying that knowledge in a business setting is what earns you your stripes. “
Further assistance will be available soon, in the form of an industry standards, accreditation and regulatory body. The UK Cybersecurity Council was formed recently, initially part of the Department of Digital, Culture, Media and Sports (DCMS), before becoming an independent government body. Its aim is to develop and promote nationally recognized standards for cyber security in support of UK government regulations. National Cyber Security Strategy. By 2021 his stated vision was that ‘the UK is safe and resilient to cyber threats, prosperous and confident in the digital world’.
Part of the mandate of the UK Cybersecurity Council will be to bring together a number of professional bodies to form a framework of recognized cybersecurity accreditations. This will allow employers to more easily identify those with the experience and training necessary to develop a security procurement package for their networks.
However, the UK Cybersecurity Council will be a single regulatory body and some would prefer a different arrangement. “I would prefer multiple bodies representing the industry, rather than one,” says SNIA’s McDonald. “The more points of view and more different people are involved in it, the more transparent it becomes.”
Lead with knowledge, rather than reacting in fear
With ongoing media coverage of recurring data breaches, one can understand why there is an element of scaremongering, which can affect end users. Therefore, investing in cybersecurity technologies and services without first considering the need for purchases can lead to inefficient budgets. There is also the potential risk of being locked into a restrictive service that could expose the vulnerabilities of a network to attack.
Having a deep understanding of the current and expected network architecture, as well as the potential threat vectors it faces, enables a more conscious approach to security acquisitions and thus provides a more cybersecurity posture. effective.
It is unfortunate that it is not so much a case of Yes you will be attacked, but When. Focusing solely on prevention can leave vulnerabilities and lead to excessive downtime and data loss. A change in methodology towards a more holistic approach, considering data recovery in particular, will improve resilience and mitigate harmful levels of downtime after an attack.
There is a lot to worry about when considering the threat of a cyber attack, but a holistic risk-based approach to security will allow for a strong security posture.