Displaying items by tag: backups

GUEST OPINION:   Paul Crighton, Managing Director ANZ at Barracuda Networks

People and businesses take out insurance to cover their potential losses from all kinds of adverse events: fire, flood, storm and theft are threats for which cover is commonly sought. There has also been a growing trend in recent years of businesses taking out insurance to cover the cost of damage caused by cyber attacks, but the ecosystem around cyber insurance is much more complex and evolving more rapidly than conventional types of insurance.

By far, the biggest cyber threat against which organisations seek insurance cover is ransomware. However, unlike other conventional risks where the insurance covers the cost of remediation following an adverse event, the damage from a ransomware attack can potentially be mitigated by paying the ransom, and having insurance cover often places this decision in the hands of the insurer.

Insurers are no longer paying up so easily

In the past, insurers were much more likely to help policyholders cover losses and minimise damages from a ransomware attack. However, in the face of increasingly frequent and costly attacks, insurers are tightening their parameters.

They are placing more stringent requirements on clients, which is forcing organisations to pay more attention to their cyber security measures. In the past, organisations tended to be somewhat lax because they had cyber insurance, but increasingly insurers are demanding strong cyber security measures as a prerequisite for taking out a policy.

While these requirements are having a positive impact by lifting the overall level of cyber security in Australian businesses, awareness is still much lower than it should be, with only 20 per cent of SMEs and 35-70 per cent of larger businesses taking out cover specifically for cyber risk.

If you try to take out an insurance policy against burglary, chances are the insurer will require you to have some basic security measures such as window locks and deadlocks, or they will bump up the premium significantly if you don’t. It is becoming a similar case with cyber insurance: insurers are increasingly demanding clients have some basic cyber security measures, such as:

• Requiring all users to authenticate themselves with unique passwords, biometrics, or digital ID.
• Ensuring system access is limited only to those who require it to perform their roles, enforced through a policy of least privilege.
• Multifactor authentication (MFA) for all access to cloud services and critical devices, and all users accessing services remotely.
• They may also require all sensitive data to be encrypted in storage and transit, and for mission-critical data to be regularly backed up and isolated so it cannot be compromised by ransomware.

What effect is this having on the cybersecurity industry?

All of this external pressure is a good thing for Australia’s cybersecurity industry. It can help CISOs get the necessary budget to introduce more cybersecurity measures against which there might normally be internal resistance. However, having cyber insurance can also increase the chance of a cyber attack! If attackers are able to ascertain that an organisation has insurance, they may believe they have a better chance of extracting a ransom.

A recent global survey of senior IT and IT security decision-makers across multiple industries found 77 per cent of organisations with cyber insurance had been hit by a successful ransomware attack in the previous year compared to 65 per cent without cyber insurance.

And whatever compensation a cyber insurance policy might provide, it can never guarantee replacement of encrypted data, or compensate for the reputational damage inflicted on an organisation when large amounts of sensitive personal data on customers is exfiltrated and exposed on the dark web – as recent high-profile attacks against major Australian organisations have demonstrated.

It is therefore extremely important that organisations aren’t overly-reliant on cyber insurance. They must have robust measures in place to prevent attackers from gaining access to corporate IT systems and minimise the damage they can cause if they are successful.

The four basic tools all organisations should have in place:

1. Email protection: Deloitte has estimated that 91 per cent of all cyber attacks begin with a phishing email. Using AI-powered email protection can help prevent these attacks by analysing thousands of emails around the world to identify and block phishing attempts. Security awareness training is also an effective way to prevent phishing emails from being opened and allowing system compromise.

2. Application protection: Hacking web applications has become an increasingly-popular way to gain access to wider company networks. Thankfully, tools such as  WAF or WAF-as-a-Service are available that can offer comprehensive protection for applications, whether these are deployed on-premises, in the cloud, or across both environments. The best tools are constantly updated to offer protection against emerging threats: they collect threat data from worldwide networks of sensors and customer traffic and use machine learning and artificial intelligence to update protection tools in near real time.

3. Network security: The rise in remote working precipitated by COVID has greatly increased the scale and vulnerability of many corporate networks. There’s a new approach to securing networks, which all organisations should be aware of and consider adopting. It’s called Secure Access Service Edge (SASE) and combines a range of security features including VPN and SD-WAN secure web gateways, cloud access security brokers, firewalls and zero-trust network access and delivers all these from the cloud.

4. Backups: Having a reliable backup (or multiple) is essential to protect vital data against error, system malfunction, natural disaster and criminal activity. But crucially, backups must provide the ability to easily recover data rapidly and restore normal operation in the event of any kind of disruption or data loss. For many business operations, minimising downtime caused by disruption is a high priority. Not all backups are created equal, and organisations need to look for a solution that restores data efficiently and easily, from any point in time.

The takeaway:

Getting these four aspects of data and system protection right: email security, application protection, network security and backups should be the first priority for any organisation before it starts considering cyber insurance, which can do nothing to protect against attacks or prevent the damage to operations and reputation that ensues.

https://assets.barracuda.com/assets/docs/dms/2023-Ransomware-insights-report.pdf

https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html

https://actuaries.asn.au/Library/Opinion/2022/CyberRiskGreenPaper.pdf

Companies need to be thinking beyond traditional backups to stay one step a head of their adversaries, according to one security firm executive in comments he made on the recent World Backup Day.

The Australian Cyber Security Centre (ACSC) is encouraging organisations "to urgently adopt an enhanced cyber security position. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment."

GUEST OPINION by David Eshuis, Victory ICT Services:  Many businesses are unaware that danger may be lurking in their old files. Over the years files, emails and backups have been saved to network-attached storage (NAS) devices – but are all these old files safe from ransomware?

GUEST OPINION by Craig Somerville, Managing Director and CEO, Somerville:  The benefits offered by the adoption of cloud computing are now well understood, however many IT managers are still struggling to put a clear migration strategy in place.

Google will delete back-ups of Android devices, after warning users who have not used their devices for two weeks and without telling them how long it will take before the back-ups are removed.

The cloud continues transforming backups and disaster recovery, with Acronis saying this transformation ‘provides a host of new data protection benefits for organisations and individuals alike.’

Synology’s newest backup solutions promise high-availability, massive scalability, uncompromising reliability and instant, granular recovery.