Page 83 - Cyber Defense eMagazine January 2024

statement, and the other actions it’s taken, are a step in the right direction. Somebody needs to do something.



The silver bullet

But an international pledge is unlikely to be the silver bullet CISOs are still looking for. Or, at least, not this particular international pledge as it currently stands. While it is symbolically powerful, with some good initial steps aimed at monitoring and sharing at the nation-state level, it does not include actionable guidelines for the organizations on the front lines. At the very least it serves as a barometer of the level of global concern around ransomware, but it remains to be seen how effective this pledge will be at disrupting payment mechanisms for ransomware actors and whether these actions will reduce the number of ransomware attacks. The pledge’s challenges are familiar to anyone who follows international policy: these things move slowly, with too many caveats and exceptions. The pledge of course only covers the national level, and even then, it allows for exceptions to the refusal to pay ransoms in the event of emergency situations. And when is ransomware ever not an emergency situation?


The main utility of CRI’s statement is that it’s opened once again, on a global scale, a conversation around data security and resiliency. This is helpful because it invites us to consider our current practices and fundamental assumptions around how we protect our data. We desperately need this conversation, because in my view we’re thinking about it all wrong.



Prevention itself isn’t enough

Most organizations tend to think about ransomware attacks in terms of prevention — how to stop them from happening in the first place. Huge swathes of cybersecurity budgets are spent trying to build digital walls high enough that no bad actor can ever get across. This isn’t a bad practice — preventive measures are important — but they are not infallible. What happens when ransomware is successful? Response time is important, but no matter how fast you respond to a successful ransomware attack or breach, you still must work to undo the damage caused, and this is where resiliency and recovery capabilities come into play.

It’s time for more conversation on this point. Not because the answer is particularly elusive, or profound, but rather because it’s right under our nose, and insufficiently discussed: backup and recovery strategy. It’s frustrating that this is often seen as a nice-to-have when, in fact, it is a fundamental aspect of your defense-in-depth strategy. More than anything else, including legislation, international agreements, and policy positions, a sound backup and recovery strategy has the greatest potential to reduce the impact of ransomware and bad actors.




The power is within backup and recovery

Ransomware is a problem, but there is a solution. Did you know that just over 50% of businesses have a backup and recovery plan? Having a sound backup and recovery strategy with purpose-built backup




            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.