Page 83 - Cyber Defense eMagazine January 2024
statement, and the other actions it’s taken, are a step in the right direction. Somebody needs to do
something.
The silver bullet
But an international pledge is unlikely to be the silver bullet CISOs are still looking for. Or, at least, not
this particular international pledge as it currently stands. While symbolically powerful with some good
initial steps in the agreement aimed at monitoring and sharing at the nation-state level, it does not include
actionable guidelines for the organizations on the front lines. At the very least this serves as a barometer
highlighting the level of global concern around ransomware, but it remains to be seen how effective this
pledge will be at disrupting payment mechanisms for ransomware actors and whether these actions will
reduce the number of ransomware attacks. The pledge’s challenges are common to anyone who follows
international policy: these things move slowly, with too many caveats and exceptions. The pledge of
course only covers the national level, and even then, it allows for exceptions to the refusal to pay ransoms
in the event of emergency situations. And when is ransomware ever not an emergency situation?
The main utility of CRI’s statement is that it’s opened once again, on a global scale, a conversation around
data security and resiliency. This is helpful because it invites us to consider our current practices and
fundamental assumptions around how we protect our data. We desperately need this conversation,
because in my view we’re thinking about it all wrong.
Prevention itself isn’t enough
Most organizations tend to think about ransomware attacks in terms of prevention — how to stop them
from happening in the first place. Huge swathes of cybersecurity budgets are spent trying to build digital
walls high enough that no bad actor can ever get across. This isn’t a bad practice — preventive measures
are important — but they are not infallible. What happens when ransomware is successful? Response
time is important, but no matter how fast you respond to a successful ransomware attack or breach, you
still must work to undo the damage caused, and this is where resiliency and recovery capabilities
come into play.
It’s time for more conversation on this point. Not because the answer is particularly elusive, or profound,
but rather because it’s right under our nose, and insufficiently discussed: Backup and recovery strategy.
It’s frustrating that this is often seen as a nice-to-have when, in fact, it is really a fundamental aspect of
your defense-in-depth strategy. More than anything else, including legislation, international agreements
and policy positions, a sound backup and recovery strategy has the greatest potential to reduce the
impact of ransomware and bad actors.
The power is within backup and recovery
Ransomware is a problem, but there is a solution. Did you know that just over 50% of businesses have
a backup and recovery plan? Having a sound backup and recovery strategy with purpose built backup
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.