Sunday, October 16, 2022

Why Securing Your Backups Is So Important - Especially NOW!!!


 

There is one thing in the last few years that I have not mentioned, which is in fact, a key prey for the Cyberattacker?  What is it, you may be asking?  Well, believe it or not, it is the backups that we create of our datasets. 

We keep hearing day in and day out about the need to create daily backups, after all this is the best way to recover from a security breach, especially that of Ransomware.  But now, the Cyberattacker is after these backups. 

Consider some of these interesting stats:

*The lack of data backups by Corporate America (yes, they are still those organizations that fail to do this) has caused the cost of Cyber Insurance premiums to go as high as 91%;

*Backups were targeted in an astonishing 94% of all Cyberattacks, with a strong impact being made in 68% of those cases;

*Without the appropriate backups in place, it can cost a company 35% more in terms of financial expenses when trying to restore back to mission critical operations.

It seems that many organizations are far too obsessed with keeping track of their compliance, rather than making sure that people have the access to what they only need.  In this aspect, you really can’t blame the CISO too much. 

Coming into compliance with the data privacy laws is of top concern at the moment, because of the fears driven by audits and the sharp financial penalties that come into place for not being compliant. 

But perhaps, the CISO has too much on their plate?  Perhaps they should hire a v based Chief Compliance Officer to make sure that all is up to snuff?  In fact, this is the number one complaint that IT Security teams have about their CISO:  They never listen. 

I realize I am digressing here a little bit, but the truth of the matter is that all employees pretty much take cue of what to do from the C-Suite, which technically, they are supposed to do.

But now perhaps it’s time that the CISO shift their directions and focus more on the basic things:  Like making sure backups are more or less safe and secure.  So what can he or she do in this regard?  Here are some tips:

1)     Improve the security awareness training:

OK, once again I realize that this is also a beaten-up subject, but in this regard, I mean training for the IT Security team.  You, the CISO, need to stress on the team, in a nice manner, that while taking backups is a key job function, making sure that sure that they are out of predatory hands is just as important.  It would probably be wise to first discuss where the backups are.  If they are on site, then they should be stored in a secure room, with only a few people being given access to it, using MFA at the very minimum in terms of security protocols.  If they are stored in the Cloud, then once again, you need to confirm with your team where it is located at as well. For instance, is it in the Public, Hybrid, or Private Clouds? Once this has been determined, you can then establish the right profiles for those people who need to gain access to them.  Here, you can use the Azure Active Directory, which is a great tool to use for this scenario.  Then from here, you can set up the rights, privileges, and permissions for the people on the IT Security staff that will be gaining access to the backups.  Even though you may think that you are all on the same side, rogue employees can also exist from your own team. Therefore, in this and all instances, the concept of Least Privilege must be applied!!!  Also, make sure that taking backups is a role shared job, meaning that it rotates between people, and not just one person does it.

2)     Get an audit done:

In all many fields, whoever is responsible for getting a job task done feel that their way is the best way.  It’s just human nature to think this way.  While it is great that you take pride in what you do, this is not the best way to approach the task at hand.  Rather, what you need to tell yourself is that you need a second pair of eyes to confirm that the controls you have put into place to safeguard your backups has indeed been done correctly.  What I am trying to get at is you should probably get a third-party assessor to confirm that the procedures that you have in place to secure backups is good, and if not, follow there remediative plan of action.  For me, its like writing a whitepaper. Sure, I have been doing tis for years, but often, it is difficult to profred what I have just read.  That is why from time to time I hire a proofreader to go over my work and check the obvious mistakes, of which I probably could not find.

3)     Create a sense of camaraderie:

Although this should be done for all departments in your company, at the present time, as the CISO, your IT Security team comes first.  Break away from the siloed approach that has pervaded your organization for so long, and implement a culture that fosters open communications and teamwork.  Remember, when fighting off the bad guys, you need a team that is going to follow your lead, and nobody else’s.  As mentioned, you want to develop a sense of trust on your team, so that they will take that extra mile to make sure that those backups are protected.

My Thoughts On This:

Remember, when it comes to securing backups, as the CISO, just don’t stay so focused on the threats from the external environment.  You also need to stay focused equally if not more on the internal environment of your company as well.  Remember, all it has to take is one rogue employee to mess with your backups. 

Now although you can’t watch your employees all the time, your others can.  That is where developing a trusting environment comes into play.  Also, make sure that your CCTV systems are in place and fully functionable and outfitted with the latest technology, such as that of Facial Recognition. 

This will be one of your best resources to use if indeed you have a rogue employee in your midst.

Sources for the stats mentioned in this blog include the following:

https://www.wsj.com/articles/cyber-insurers-raise-rates-amid-a-surge-in-costly-hacks-11652866200?mod=djemalertNEWS

https://www.ibm.com/downloads/cas/L57KW7ND

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...