In a cyber world where attacks are often heard and reported in retrospect, organisations large and small should be wary about their cyber-resilience, looking at a cybersecurity strategy in a holistic manner - from the first line to the last line of defence, and what to do to recover when a breach occurs.
The recent spate of high-profile cyber-attacks should provide enough reason to note that no cybersecurity defence is impregnable. To mention just a few high-profile breaches: at Singapore Airlines, a data breach happened through a third-party service provider, and the most recent massive Microsoft Exchange hack prompted the US White House to advise people to patch their systems immediately and contributed to a knock-on effect in Acer’s breach via a ransomware attack.
The threat is worrying, and the costs are great
Companies in Asia are mostly unaware that attacks are happening all the time and all around them. Whether it is a large organisation with a solid cybersecurity strategy or a startup with a nimble and agile digital architecture that employs security-as-a-service partners, none is impervious to attack when targeted by a determined hacker.
A report from Cybint states that there is a hacker attack every 39 seconds on average, and since COVID-19 started, there has been a 300% increase in cyber-attacks, with 43% of attacks targeting small businesses. The smaller guys are being seen as easy targets for hackers - according to the 2020 Verizon Data Breach Investigation Report, SMEs are four times more likely to be hacked and twice as likely to be infected with malware as compared to larger enterprises.
Malware in its various forms (viruses, adware, spyware and trojans) also appears to be the greatest threat, with ransomware having the highest profile in a cybersecurity breach because users are held hostage.
The Cyber Security Agency of Singapore reported a seven-fold jump in ransomware reports globally in the first half of 2020, with almost half of cyber insurance claims attributed to ransomware attacks. The last thing a company wants is for its business-critical data and infrastructure to be permanently disabled, which can be fatal, so most succumb to paying the ransom.
Typically, what goes unnoticed is the cost of the downtime caused by ransomware. While the average ransom is approximately SGD 8,100 (according to Datto’s 2020 State of the Channel Ransomware Report), the true cost of that downtime is actually much higher – in fact, on average 23 times higher (SGD 193,600!) than the cost of the ransom itself. For a small business owner, going through such an ordeal can be a death blow to the company.
What can the smaller players do?
So while large enterprises can afford to spend the majority of their resources on building and fortifying the external walls of their cybersecurity defence, smaller companies have to make do with outsourcing this critical task to third-party experts.
Most small and medium businesses (SMBs) engage managed service providers (MSPs) to deploy a suite of IT services such as basic digital office functions and other functional tools like customer relationship management (CRM), supply chain management (SCM) and human resource management (HRM), just to name a few.
A critical part of the suite of services they provide is Business Continuity and Disaster Recovery (BCDR), which ensures that, in the unfortunate event of a breach, businesses are still able to continue without major hiccups.
MSPs are trusted providers of the functional digital tools SMBs need to carry out their business operations intelligently, efficiently and at scale, and are often referred to as the outsourced CIOs for SMBs. MSPs need to form the right partnerships with the right players in the ecosystem in order to provide best-in-class services for end-customers who are also well taken care of in cybersecurity, especially in the aftermath of a cyber-attack.
Protecting the last line of defence
Many cybersecurity strategies deploy the backup as a last line of defence in the unfortunate event of a successful breach, bringing the data and infrastructure back to a last known state to mitigate the damage the compromise can cause to the business.
If a server is infected with ransomware, you have a backup to restore from, which then allows you to get back to business. However, not all backups are created equal, and that last line of defence can even be the target of hackers.
Examples of such attacks on backups are direct hacking attempts or malware from malicious actors. Hackers can directly manipulate backup software as a backdoor to access systems and data, and they can corrupt or encrypt backup data to make it inaccessible.
Backup files are also susceptible to ransomware where hackers know that backups are the last line of defence for recovery. So how do we protect our last line of defence?
- 2FA to access backups within admin environment: For starters, using two-factor authentication to access backup software within the admin portal itself is important to ensure that if an attacker gets past the first few lines of defence, he does not have full access to all files – and the backup is another vault that needs another lock.
- Utilise key-based SSH authentication: an SSH key helps to lock access to backups so that only a unique key held by an authorised person can unlock it. This is a much more secure alternative to a password that brute-force hacking methods can break.
- Do regular scans of backup files for ransomware: One of the most damaging breaches is one that goes undetected over a long period of time where a bad actor can silently siphon data without resistance. Doing regular scans on backup files is an important way to ensure that this doesn’t happen.
- Save backup copies in a different physical location: this is the most prudent of methods to ensure that there is zero digital access to backups by using geographical dispersal.
- Keep a “recycle bin” for backups: as much as backups already serve as the Recycle Bin for main operational files, sometimes critical backups may be deleted accidentally by staff. Keeping a snapshot of backup files, stored in the cloud, to revert to relieves any human error risks, and Datto’s Cloud Deletion Defense (CDD) does just that.
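One way to implement the regular backup scan from the list above, as an added example that is not from the article or from Datto's products: it hashes each file in a backup copy, compares against the previous run's manifest, and flags files that changed and now look like ciphertext. It assumes a file-level, uncompressed backup copy (compressed or encrypted archives are high-entropy by nature); the function names and both thresholds are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold, encrypted data sits near 8.0
CHANGE_LIMIT = 0.5   # assumed: alert if more than half of known files changed

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_backup(root: Path, previous: dict) -> dict:
    """Hash every file under root, compare with the previous manifest and
    flag files whose content changed AND now has near-random entropy."""
    manifest, suspicious, changed = {}, [], 0
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()  # whole-file read; stream in chunks for large files
        rel = path.relative_to(root).as_posix()
        manifest[rel] = hashlib.sha256(data).hexdigest()
        if rel in previous and previous[rel] != manifest[rel]:
            changed += 1
            if entropy(data) > ENTROPY_LIMIT:
                suspicious.append(rel)
    missing = sorted(set(previous) - set(manifest))  # deleted since last scan
    ratio = changed / len(previous) if previous else 0.0
    return {"manifest": manifest, "suspicious": suspicious, "missing": missing,
            "changed_ratio": ratio,
            "alert": bool(suspicious) or ratio > CHANGE_LIMIT}

def demo() -> dict:
    """Constructed sample: two text files, one later overwritten with random
    bytes standing in for ransomware-encrypted content."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ledger.csv").write_text("id,amount\n" + "1,100\n" * 500)
        (root / "notes.txt").write_text("quarterly notes\n" * 500)
        baseline = scan_backup(root, {})["manifest"]  # first run: nothing to compare
        (root / "ledger.csv").write_bytes(os.urandom(4096))
        return scan_backup(root, baseline)

if __name__ == "__main__":
    report = demo()
    print("suspicious:", report["suspicious"], "alert:", report["alert"])
```

Store the manifest somewhere the backup host cannot write to, otherwise an attacker who encrypts the backups can also rewrite the baseline.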
SMEs can use the methods suggested above to ensure a bulletproof backup strategy, although these methods require significant investment in both effort and time. An alternative could be to employ a robust BCDR solution that uses all of the above-mentioned methods, coupled with a team working to ensure an iron-clad cybersecure business environment.
Fortifying our last line of defence may be our only saving grace from business closures and needing to report the attack to government entities and the broader general public.
In today’s cyber landscape where we ask not ‘if’ but ‘when’ the next attack will occur, organisations of all sizes need to think beyond cybersecurity and towards cyber resilience.
Ryan Weeks is Chief Information Security Officer at Datto