In a world where cyberattacks have become as constant as they are inevitable, organizations are facing an uphill battle to protect their data networks. Recent examples of high-profile attacks on Dish Network, Uber, and major US airports serve as a reminder of the relentless scourge that cybercriminals pose. According to a recent survey, security executives anticipate an increase in attacks over the next two years, as these bad actors become more prolific.
Steve Preston, an experienced information technology executive, has come to a stark realization: the cybersecurity war will never end. It will be an ongoing series of battles, with victories and defeats. While losses may be within our control to some extent, Preston believes that successful defensive tactics from the past may already be obsolete. To stay ahead in this fight, continuous innovation is essential.
In today’s world, data has never been more valuable or vulnerable. Ransomware, once known for taking data hostage, has evolved into new and malicious ways of exploiting businesses and personal information. Whether it is hackers showcasing their skills, hostile governments targeting perceived enemies, or criminals seeking monetary gain, the key to protecting data lies in integrating security into the very fabric of data systems, not tacking it on as an afterthought.
Built-in security goes beyond technology; it needs to be ingrained in an organization’s culture. Preston acknowledges that, despite an organization’s best efforts, data networks are essentially Swiss cheese. Every employee with an iPhone or laptop potentially creates a vulnerability for external bad actors, even unknowingly. Moreover, disgruntled employees seeking revenge can pose internal threats. Therefore, cybersecurity cannot be solely the responsibility of network operators. Every device with software or firmware, from cameras to coffee pots, must be built securely. Organizations that take measures to ensure that their products do not endanger customers’ health and safety should not cut corners when it comes to cyber-risk.
To effectively combat cyberattacks, organizations must foster a culture that recognizes their inevitability. Being prepared means having a well-practiced recovery plan in place and a communication strategy to keep customers, partners, regulators, and the public informed. Security breaches not only impact the targeted company or organization but also pose risks to anyone whose proprietary or personal data may be exposed, as the customers of Dish Network discovered earlier this year.
In the face of an attack, the ability to restore critical data promptly is crucial. Organizations employ various approaches to backup their data for recovery purposes, but a false sense of security often prevails. Clean backups are paramount. This means ensuring that backup tools scan for anomalies or signs of malicious activity and remove any potential threats. By having clean backups, enterprises can quickly revert to a pre-attack state without the risk of reinfection.
Recognizing that no single cybersecurity solution can fully protect any data-intensive organization, a multilayered approach is necessary. Apart from being able to recover post-attack, having early warning signals before data is compromised is vital. Preston highlights deception technology as a promising innovation in recent years. This approach involves creating decoys that mimic legitimate assets, setting traps to detect intruders on the network. The more obstacles and distractions in place, the more time businesses have to detect and respond to intruders.
Although businesses can never be completely impenetrable, a proactive approach to security is the only true defense. Security must be built into the data network, as well as the organization’s philosophy and culture. While it may not be possible to win the cybersecurity war outright, organizations can take measures to defend themselves against its onslaught. By continuously innovating and integrating security into every facet of their operations, they can stay one step ahead of the ever-evolving threat landscape.