Alex Konnaris, Group CIO, RMA Group Company Limited
Looking back over the years, we have seen many kinds of security threats. If we were lucky, none of them impacted our data; at worst, some of them caused minor disruptions. Information Security is an enormous topic and there is a good reason for it: the threats to our data are real. Threats have changed in size and scope, so we are no longer able to ignore them. We used to be able to say to ourselves "I'm not important enough to be a target", but this is not true in this day and age. The reason relates to the exponential growth of computing power, internet bandwidth, storage capabilities and availability of tools.
The dark web is now populated by seriously motivated organized groups intent on making revenue or causing major disruption - cyber-crime is a huge industry and it is growing. The tools are widely available and more sophisticated; all that's needed is some information and a little automation, and then the fireworks can be watched remotely. Whether the attacker is a simple hobbyist or part of a large criminally minded organization, data is either publicly available, can be mined, or can be purchased for a few dollars on the dark web. Hackers don't really need to know who the targets are or what they are worth; they are only interested in compromising systems and in any bonus of making some money.
If you are still asking yourself "why me?", it's rarely related to your computer systems; it's the general availability of data combined with compute power. Large amounts of seemingly subtle information enable others to build it into something valuable. It's happening every day in the connected world, so much so that we rarely question it. In the same way as with our personal data, we are also giving away snippets of data that pertain to our computing systems; we are being tracked at one level or another. The result in today's climate: we are all targets.
In terms of delivery mechanism, over 90 percent of threats come from email. It is the perfect platform to reach most of the world's connected population, and every day you must consider: "if I open this, or click that, what might happen?" Someone wants something from you. It could be a simple revenue stream focused on increasing sales, or something more malicious: crypto-jacking, fraud or something that leads to a ransom for your stolen/encrypted data.
The intention of this article is to make sure that we all have our ears and eyes open - the threats are real, and they are likely to come knocking on your door. We all have data to offer to someone, it's a reality, so we should minimize the risks. Prevention is always the best medicine, and it is highly recommended to be able to identify, protect, detect, respond, and recover from all threats - whether they are natural or otherwise. Being able to cover all those criteria can be a huge undertaking and it's likely that you won't be able to protect yourself from everything.
That awful day may come when your data, information and/or systems are not accessible or no longer functioning correctly, and you may have to rely on the one thing that we should always be able to do - restore from backups. Whether it's a few important files, a history of emails or an entire system that is critical to your daily operations, everything can be backed up and, in the event of a disaster, recovered. You may be able to undo many of the bad things that happened and get on with your day, but there is only one way to ensure that everything is the same as it was before the event, and that is restoring from backups.
In many cases, there is already resilience in our data; whether it's through hardware redundancy or replication, there are plenty of options available on the "hot" side. Something that can be overlooked with our backups is how "warm" or "cold" they are - what if the event that impacted your live data could also reach your backups? Security is all about boundaries, and we often forget that it's not just resiliency we should focus on but also making sure there are enough layers protecting everything.
With backups, what we are looking for is a 3-2-1-1-0 strategy, where the numbers relate to: 3 copies of the data, across 2 backup types, 1 off-site, 1 backup totally offline/sealed, and all verified with 0 errors. It sounds complicated, and everyone will have their own thoughts about what makes practical sense for them to achieve, but the goal is common for everyone - be able to restore data in a reasonable timeframe and ensure that the backups themselves remain both safe and intact.
Backups come in many shapes and sizes, from bare metal/VM snapshots, application level/data only, through to differential/incremental file backups. Each option comes with its own set of pros and cons, so you will need to choose what works best for you. Keep some focus on where they are stored, that they are validated for integrity, and that they are periodically tested, so that the ultimate strategy of 3-2-1-1-0 can be the target, even if there is a compromise based on effort and complexity.
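As an added illustration (not code from the article or its author), the 3-2-1-1-0 rule can be checked mechanically against a backup inventory. The class, function and copy names below are hypothetical, the sample data is constructed, and the check assumes every copy counted toward the "3" is listed and verified by hashing the bytes read back in a restore test.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    media: str      # backup type, e.g. "disk", "object-storage", "tape"
    offsite: bool   # stored away from the primary site
    offline: bool   # offline/sealed: unreachable from the live environment
    content: bytes  # bytes read back from the copy during a restore test

def evaluate_32110(copies, expected_sha256):
    """Return (per-rule results, names of copies that failed verification)."""
    failed = [c.name for c in copies
              if hashlib.sha256(c.content).hexdigest() != expected_sha256]
    rules = {
        "3 copies": len(copies) >= 3,
        "2 backup types": len({c.media for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in copies),
        "1 offline/sealed": any(c.offline for c in copies),
        "0 errors": not failed,
    }
    return rules, failed

def restorable_after_online_compromise(copies, expected_sha256):
    """Copies still usable if everything reachable from live systems is lost."""
    return [c.name for c in copies
            if c.offline and hashlib.sha256(c.content).hexdigest() == expected_sha256]

# Constructed sample data: one payload and three copies of it.
PAYLOAD = b"constructed sample: finance-db export"
EXPECTED = hashlib.sha256(PAYLOAD).hexdigest()
COPIES = [
    BackupCopy("nas-snapshot", "disk", offsite=False, offline=False, content=PAYLOAD),
    BackupCopy("cloud-bucket", "object-storage", offsite=True, offline=False, content=PAYLOAD),
    BackupCopy("vault-tape", "tape", offsite=True, offline=True, content=PAYLOAD),
]

if __name__ == "__main__":
    rules, failed = evaluate_32110(COPIES, EXPECTED)
    for rule, ok in rules.items():
        print(f"{rule:18} {'PASS' if ok else 'FAIL'}")
    print("failed verification:", failed or "none")
    print("restorable after online compromise:",
          restorable_after_online_compromise(COPIES, EXPECTED))
```

The second function covers the "warm or cold" question: three healthy copies that are all reachable from the live environment pass the count but leave nothing to restore from if that environment is compromised.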
