Survey after survey shows us that cyberattacks continue to wreak havoc among the unprepared.
To select just one from many, The State of Ransomware 2022 from Sophos tells us that 66% of organisations surveyed were hit by a ransomware attack in 2021. That is a dramatic rise from 37% in 2020. This report also highlights the increasing cost of attacks, showing that in 2021, 11% of organisations said they paid ransoms of $1 million or more, while in 2020 the number paying that amount was 4%.
Global research we commissioned and published earlier this year offers interesting findings on how organisations can improve their cyber resilience. We learned that many organisations have a false sense of security about their capabilities in relation to cyberattacks. Many stated that they thought the backup and recovery infrastructure they have in place is sufficient to make a complete recovery within 24-72 hours if attacked. But, when probed further, respondents expressed major concerns tied to cyber resilience in other areas. Let’s explore these areas of concern and talk about risk mitigation as well.
Quality of alignment between the IT and SecOps teams
We tend to think of the security team as solely responsible for all aspects of systems security implementation and management, with the IT team more focused on enabling the workstreams of the organisation through data protection, and ensuring backup and recovery systems are properly implemented. Given the complementary nature of security threats and the need to easily back up and recover if or when an attack occurs, it seems logical that these two groups would collaborate closely. But that’s often not the case.
In fact, we found this split between the two roles to be worryingly prevalent in our research. 19% of UK SecOps decision-makers responding to our survey believe collaboration with IT is not strong, and 5% went as far as to call it “weak.” Flipping the coin, among IT decision-makers, 16% believe collaboration is not strong. Across the two roles, in total, 20% of IT and SecOps respondents believe the collaboration between the two is not strong.
But in fact, IT and SecOps need to work together in many areas if they are to secure maximum resilience against cyberattack. They need to jointly own the overall cyber resiliency strategy, collaborating before an attack takes place and looking holistically across the NIST Cybersecurity Framework, which includes five core capabilities: identify, protect, detect, respond, and recover. They should also have shared ownership of the associated KPIs.
Over-confidence in ability to recover data
When it comes to data recovery, organisations must have total confidence in their ability to recover. There is absolutely no value in entering into a data recovery exercise – real or because you’re testing systems – with an expectation of anything less. False confidence is a dangerous thing, and something to be very wary of.
Our research found that 90% of teams think they can recover from an attack. That’s short of what we’d like to see – obviously 10% lack that confidence. But even that 90% figure may be over-confidence. We also found that 55% fail to see data backup as a crucial part of their responsibility. If someone doesn’t have any responsibility for backup, then their confidence may be misplaced. The “not my job” response wheeled out after a costly outage might be technically true, but it is an awful situation for the organisation.
We also found that 15% of IT and SecOps decision-makers don’t know where or how their organisation’s data is stored. We have to wonder if the organisations in question are in the least concerned about this, but if they aren’t, we are. How can there be any measure of confidence in the ability to restore data if its whereabouts is not known?
When SecOps and IT teams are better aligned, it becomes possible to share responsibility for, and ownership of, backup and restore, and inevitably that means also understanding where and how all data is stored. This can help raise confidence in data recovery systems to the highest level possible – and ensure it is a confidence based on reality rather than blind faith.
Equipment and talent availability
When we asked SecOps and IT decision-makers about their backup / restore equipment, we found that globally, 32% say they have an antiquated backup system.
Clearly the older a backup / restore system is, the less likely it is to be able to cope with the nature of modern attacks. Attack vectors develop with remarkable speed, and are ready to exploit any loopholes. Older systems are likely to be more leaky, and have an approach to protection against modern attacks based on sticking plaster implementations which, layer by layer, become ever more complex and unwieldy.
Older systems can be more costly to maintain too. Adding new storage, supporting the mass of remote workers that is now common for many, and integrating with modern software and services as they come on stream within the organisation all take more time and cost more money when working with older systems.
This is before we even consider the current and growing talent shortage. Already, according to one recent survey, 87% of organisations identify a shortage of cyber security skills, and 51% are concerned that security investment isn’t keeping pace with digital business. In a situation where organisations may find themselves competing heavily for the best talent, it makes sense to offer them rewarding work with a newer, sophisticated backup and restore system rather than one which is papering over ever more visible cracks.
For organisations fighting the ever-present scourge of cyberattacks, confidence in resilience is essential. SecOps and IT teams should work together as much as possible where this crucial area is concerned. After all, if confidence is not built on backup and restore systems which can meet the challenges coming from today’s bad actors, it may be as useful as a chocolate teapot – and much more costly.
About the Author
Mark Adams is Regional Sales Director, Northern Europe at Cohesity. We believe that simplicity is the foundation of modern data management. Our mission is to radically simplify how organizations manage their data and unlock limitless value.
Featured image: ©James Thew