SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Businesses must focus on prevention, not rely on backup - emt
Mon, 9th Apr 2018
FYI, this story is more than a year old

Article by emt, Distribution chief marketing officer Scott Hagenus

There has been a shift of direction in the thinking of the Cyber Security Industry.

Endpoint Detection and Response (EDR), that is detecting a threat and investigating it, and Backup appear to have unusually high or disproportionate amounts of airtime.

What happened to prevention?

In the past 18 months, security professionals appear to have given up.

A bold statement, but when you look at the fact that security policies are pushing backup as security, it feels like an admission of a failure to protect.

Deploying tools to monitor suspicious activity on a network is a sensible move, but not if it is at the expense of defensive technology that prevents malicious activity from the outset.

Back up is recovery, not cybersecurity. 

If files are deleted, a VM is destroyed, archives or email are corrupted, backups are used to recover them.

The same is true for a cybersecurity incident, such as ransomware, encrypting, restricting access to or destroying files.

Backups help to recover the files, or as a last resort payment of the ransom may allow access to the impacted files.

However, the fact remains the malicious actors have been let through the door and possibly into every room in the house.

A survey by Malwarebytes reports that Australian businesses are twice as likely to pay a ransom then their offshore counterparts as reported in the Financial Review (Aug 2, 2017), with 35% of the 127 businesses in Australia who responded to the survey having been impacted by Ransomware.

Backup is recovery, not cybersecurity.

The global appetite to include backup in cybersecurity mitigation strategies is distressing for two reasons:

  • Backup should be part of any business or agencies DNA.  Since the 1950's punch card days, backups have been standard procedure, even before the digital era. Triplicate Invoice and order books with carbon copies existed for a reason. 
  • If an organisation has to fall back on backups, they've been breached.  This means there's been a gap in their defence. 

Just because defences failed doesn't mean all strategies of defence would fail.

Invariably, it means that the wrong type of defence was in place for that attack or focus has been in specific areas to the detriment of others.

The need for a solid defensive strategy.

Taking a look at physical business security, there are absolute comparisons to cybersecurity.

If installed locks are identified as inadequate or faulty, they are replaced.

If building material presents a health hazard or fire risk, they are replaced or patched.

Most businesses have smoke alarms, fire extinguishers or sprinkler systems installed to mitigate both external and internal risk and so on.

Insurance premiums more often than not, are in some way tied to the level of physical security in place.

Business networks and endpoints are no different. 

If it isn't working it needs to be fixed, swapped out or augmented.

The Australian Signals Directorate (ASD) has an excellent security guide, designed for Federal government and agencies, that is absolutely relevant to the security of all businesses.

This should be standard reading for all security professionals and IT administrators responsible for the cyber security of their organisation.

About emt Distribution 3emt Distribution is an Australian-based value-added distributor and vendor representative with a presence in Australia, Singapore and Hong Kong. emt offers solutions that address the top four mitigation strategies to prevent cybersecurity incidents, the broader strategies in the Australian Government's Information Security Manual (ISM) and Threat Management.