There is one thing in the last few years that I have not mentioned, which is in fact, a key prey for the Cyberattacker? What is it, you may be asking? Well, believe it or not, it is the backups that we create of our datasets.
We keep hearing day in and day out about the need to create
daily backups, after all this is the best way to recover from a security
breach, especially that of Ransomware.
But now, the Cyberattacker is after these backups.
Consider some of these interesting stats:
*The lack of data backups by Corporate America (yes, they
are still those organizations that fail to do this) has caused the cost of
Cyber Insurance premiums to go as high as 91%;
*Backups were targeted in an astonishing 94% of all Cyberattacks,
with a strong impact being made in 68% of those cases;
*Without the appropriate backups in place, it can cost a
company 35% more in terms of financial expenses when trying to restore back to
mission critical operations.
It seems that many organizations are far too obsessed with
keeping track of their compliance, rather than making sure that people have the
access to what they only need. In this aspect,
you really can’t blame the CISO too much.
Coming into compliance with the data privacy laws is of top
concern at the moment, because of the fears driven by audits and the sharp
financial penalties that come into place for not being compliant.
But perhaps, the CISO has too much on their plate? Perhaps they should hire a v based Chief
Compliance Officer to make sure that all is up to snuff? In fact, this is the number one complaint
that IT Security teams have about their CISO:
They never listen.
I realize I am digressing here a little bit, but the truth
of the matter is that all employees pretty much take cue of what to do from the
C-Suite, which technically, they are supposed to do.
But now perhaps it’s time that the CISO shift their directions
and focus more on the basic things: Like
making sure backups are more or less safe and secure. So what can he or she do in this regard? Here are some tips:
1)
Improve the security awareness training:
OK, once again I realize that this
is also a beaten-up subject, but in this regard, I mean training for the IT
Security team. You, the CISO, need to
stress on the team, in a nice manner, that while taking backups is a key job
function, making sure that sure that they are out of predatory hands is just as
important. It would probably be wise to first
discuss where the backups are. If they
are on site, then they should be stored in a secure room, with only a few
people being given access to it, using MFA at the very minimum in terms of
security protocols. If they are stored
in the Cloud, then once again, you need to confirm with your team where it is
located at as well. For instance, is it in the Public, Hybrid, or Private
Clouds? Once this has been determined, you can then establish the right profiles
for those people who need to gain access to them. Here, you can use the Azure Active Directory,
which is a great tool to use for this scenario.
Then from here, you can set up the rights, privileges, and permissions
for the people on the IT Security staff that will be gaining access to the backups. Even though you may think that you are all on
the same side, rogue employees can also exist from your own team.
Therefore, in this and all instances, the concept of Least Privilege must be
applied!!! Also, make sure
that taking backups is a role shared job, meaning that it rotates between
people, and not just one person does it.
2)
Get an audit done:
In all many fields, whoever is
responsible for getting a job task done feel that their way is the best
way. It’s just human nature to think
this way. While it is great that you
take pride in what you do, this is not the best way to approach the task at
hand. Rather, what you need to tell
yourself is that you need a second pair of eyes to confirm that the controls
you have put into place to safeguard your backups has indeed been done
correctly. What I am trying to get at is
you should probably get a third-party assessor to confirm that the procedures
that you have in place to secure backups is good, and if not, follow there remediative
plan of action. For me, its like writing
a whitepaper. Sure, I have been doing tis for years, but often, it is difficult
to profred what I have just read. That
is why from time to time I hire a proofreader to go over my work and check the obvious
mistakes, of which I probably could not find.
3)
Create a sense of camaraderie:
Although this should be done for
all departments in your company, at the present time, as the CISO, your IT
Security team comes first. Break away
from the siloed approach that has pervaded your organization for so long, and
implement a culture that fosters open communications and teamwork. Remember, when fighting off the bad guys, you
need a team that is going to follow your lead, and nobody else’s. As mentioned, you want to develop a sense of
trust on your team, so that they will take that extra mile to make sure that
those backups are protected.
My Thoughts On This:
Remember, when it comes to securing
backups, as the CISO, just don’t stay so focused on the threats from the external
environment. You also need to stay
focused equally if not more on the internal environment of your company as
well. Remember, all it has to take is
one rogue employee to mess with your backups.
Now although you can’t watch your
employees all the time, your others can.
That is where developing a trusting environment comes into play. Also, make sure that your CCTV systems are in
place and fully functionable and outfitted with the latest technology, such as
that of Facial Recognition.
This will be one of your best resources
to use if indeed you have a rogue employee in your midst.
Sources for the stats mentioned in this
blog include the following:
No comments:
Post a Comment