Cyber Security Awareness Month - Threats evolve but some things stay the same
BY STEW PARKINAs we observe Cybersecurity Awareness Month in October, it’s a good time to review the threat landscape and understand what’s changed and what hasn’t. Looking at ransomware, one of the most prevalent forms of cyber-attack, we can see that the risk remains very high. According to the Ransomware Task Force, a U.S. organisation formed in 2021 by the non-profit Institute for Security and Technology, there was a significant uptick in attacks in 2023, with 6,670 incidents reported across 117 countries.
These numbers shouldn’t come as a great surprise. Even when law enforcement sees success in the fight against ransomware, as was the case with the recent internationally coordinated effort to smash the LockBit operation, new threats will emerge over time, bringing with them new types of dangers. For example, Microsoft has just reported that a treat actor named Storm-0501 launched a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. This attack marks the expansion of ransomware attacks into hybrid cloud environments.
Smaller businesses face the greatest risk
When it comes to who is being targeted, some things don’t change though. We’ve known for some time that medium sized and smaller businesses are increasingly becoming the targets of ransomware attacks, which is borne out in Accenture’s latest Cost of Cybercrime study, which reveals that almost 43% of cyber-attacks hit small businesses but that only 14% of them are prepared for an attack. An interesting side note here is that 95% of breaches can be attributed to human error, according to the World Economic Forum. Considering all these facts, surely, we’ve reached the point where we should be able to say with certainty that when it comes to cybersecurity, ignorance is no longer an excuse. That also applies to awareness of solutions that can defend against attacks, as well as disaster recovery (DR) and backup solutions in the event of a successful breach.
Be aware of supply chain vulnerabilities
On a positive note, it’s very encouraging to see most businesses and organisations understand this, yet there’s still a lot of naivety out there, particularly in relation to vulnerabilities that can extend through supply chains. Businesses are extremely susceptible to their own supply chains now and in many cases, they either don’t realise this, or don’t think enough about it. A recent example of this was a successful supply chain attack involving Guy’s and St Thomas trust (GSST) in London, that affected seven London hospitals, resulting in the cancellation of operations, blood tests and blood transfusions, as reported in the Guardian. It also forced GSST to revert to paper records and manual processes. The actual victim of the ransomware attack was a pathology services supplier but the effects were widespread.
It’s also very encouraging to see that many-thinking businesses and organisations are assuming they’re going to get hit by a ransomware attack at some point and putting in place plans for how they can rapidly recover in that eventuality. There’s now widespread awareness that immutable backups are what’s needed as the ultimate safeguard against data loss in the event of ransomware attack or other serious data related event.
Immutable backups are as vital as ever
Having immutable backups in place provides the assurance that if the worst does happen, your servers, applications and data can be brought online quickly, allowing your business to continue operating with minimum disruption – addressing one of the major concerns of businesses today.
It needs to be made clear though that immutable backups aren’t a commoditised technology and that some are better than others. Rubrik’s immutable backup technology is a case in point. What set’s this platform apart is that it was built from the ground-up, with native immutability and has unmatched levels of security that is constantly being upgraded as the nature of risks evolve.
Making immutable backup technology affordable
There’s no question that immutable backup and DR technology should be part of a comprehensive cybersecurity strategy. The issue for some businesses and organisations – particularly smaller businesses and public sector organisations – has sometimes been its cost. That’s where a managed service approach such as Assured’s s offer’s alongside Rubrik comes into its own. As an MSP, committed to providing the highest levels of service, we proactively detect and alert customers to a problem and resolve it is critical. It’s this combination of Rubrik based technology and Assured’s 24/7/365 services that set us apart in the market.
We’d welcome a discussion on your DR and backup needs if you’re thinking about this during Cybersecurity Awareness Month. You can get in touch with us here.