Cyber resilience limping along? Three mistakes are often to blame
Cyber resilience is not just a "nice to have" but a concept that companies should pursue in order to establish holistic security, including the fastest possible recovery after an incident. It covers protection against cyber attacks as well as the technologies and processes that must take effect after an attack that has consequences.
The consequences of a cyber attack can be devastating. They range from financial losses to reputational damage to legal repercussions. And the risk is increasing. Recent studies confirm that ransomware attackers succeed in encrypting data in 71 percent of attacks and that the overall cost of recovery doubles when a ransom is paid. In addition, data is also stolen in 30 percent of ransomware attacks in Germany.
The good news: companies can protect themselves against this by taking into account the five pillars of cyber resilience: identify, protect, detect, respond and recover. However, mistakes keep happening in the implementation of cyber resilience, and they create a false sense of security - just long enough for cybercriminals to find a gap in the seemingly secure wall of protection and cause major damage. The experience of Arcserve's data security and recovery specialists shows that affected companies usually make three mistakes that lead to high risk and subsequently contribute to damage from cyberattacks.
The value of digital data is underestimated
One of the most consequential mistakes in cyber resilience efforts is that organizations misjudge the importance and value of their data. To put a cyber resilience strategy into practice, it is essential to fully understand the exact value of data, including intellectual property, customer data and proprietary information. Only then will leaders realize the importance of data to the business and what resources, budgets and solutions are needed to protect it. Often, insufficient awareness leads to inadequate protections, such as weak passwords, outdated software, and inadequate access controls, which expose the business to cyber threats in the first place.
The fact is that with the increasing reliance on digital technologies and data-driven decision-making processes, digital assets are more valuable than ever. Cybercriminals are on the hunt for this very data because, in addition to the encryption, business interruption and ransom demands of a ransomware attack, it can be sold underground at horrendous prices. Organizations should therefore conduct a thorough risk assessment to identify their most important assets, better understand potential Achilles heels, and implement robust security policies to protect data. These measures should include continuous monitoring, patching and updating systems and software, and implementing strong authentication mechanisms and encryption protocols.
Companies should also pay particular attention to checking potentially outdated operating systems and applications. These can represent a significant problem and a gap in the data security strategy - for example, if a backup provider cannot support the outdated operating systems. It's important to assess how many legacy applications are running on older operating systems and whether they can be backed up. If a company is still running legacy applications - perhaps forced to do so - and they cannot be backed up, it is essential to solve this problem to ensure data protection and security.
Ineffective management of third-party risks
Many companies increasingly rely on third-party vendors, suppliers and service providers to support their business operations. These external partners often have access to critical systems, data and networks. But not all third-party providers have a solid cybersecurity structure in place and can become a critical vulnerability or gateway for cyberattacks.
Organizations often fail to thoroughly assess the cybersecurity of their third-party vendors and to ensure that those vendors adhere to at least the same security standards as the organization itself. Poor cyber resilience at third parties can create vulnerabilities in the cybersecurity chain. This gives cybercriminals the ability to exploit vulnerabilities in third-party systems and gain unauthorized access to a company's data or systems through the digital supply chain. Comprehensive due diligence on third-party vendors provides a remedy. It assesses their cybersecurity capabilities and at the same time leads to solid contracts and agreements that clearly define security expectations and responsibilities. Of course, this one-time snapshot does not stay valid forever. Regular audits of third-party vendors ensure that they do not slacken in their security efforts, but rather adapt and evolve their security in light of the ever-changing threat landscape. Incidentally, such audits are also the basis for compliance with data protection regulations.
Third-party cyber risk is particularly acute for organizations operating in a hybrid cloud environment. This is because supporting different cloud platforms and ensuring that they work well together can be complex and result in security breaches. The solution: organizations should develop an appropriate data protection and recovery strategy for their hybrid cloud environment. This includes choosing a cloud storage solution that provides continuous snapshots, multiple recovery points and security controls for private, public and SaaS environments.
Contingency plans without testing are rarely good in an emergency
Companies invest considerable resources and budgets in the development of emergency plans. The goal is to nullify or at least mitigate the effects of cyberattacks in an emergency. However, such plans often disappear in a drawer without further review or continuous adaptation until one day they are needed. By then, however, it is often too late: no one knows whether the plan will actually work, because the interaction of employees and technology has been neither tested nor practiced, and because too many general conditions have changed significantly since the plan was created. Experience shows that incident response strategies and plans are only effective if they are regularly tested, refined, and updated based on evolving cyber threats and changing business needs.
To eliminate this problem and to determine the effectiveness of emergency plans, companies should regularly conduct exercises or simulated cyberattack scenarios. These exercises help identify gaps and weaknesses in the plans and make necessary adjustments. This includes a detailed evaluation of the tests to determine the effectiveness of the response and potential for optimization. This continuous feedback loop is critical to improving an organization's response capabilities and the effectiveness and relevance of its plans.
Conclusion: Safe with security
One thing is clear: as the threat landscape evolves, organizations must avoid mistakes in their cyber resilience efforts. Understanding the value of data, effectively managing third-party risks, and actively testing contingency plans on a regular basis are the foundation for functioning and robust cyber resilience.
Author:
René Claus is EMEA MSP Sales Director at Arcserve.