Page 130 - Cyber Defense eMagazine March 2024
P. 130
links in the supply chain to target more fortified organizations. While there have been some well-
publicized cyber issues related to third-party vendors, generally speaking, up until now the cyber market
has survived without catastrophic losses from a vendor risk management standpoint. But there’s no room
for complacency. All companies that work with third- and fourth-party suppliers need to make risk
management a top priority this year.
Challenges in Cloud Data Recovery
We can anticipate a spotlight on the critical issue of cloud data recovery following a notable disruption
event. While cloud technology offers clear cost and efficiency benefits beyond data storage and
management, there are also misconceptions about cloud service providers and their clients regarding
data backups and recovery processes.
Some cloud providers promise a rapid response time within 10 minutes of an attack with a three-hour
window to rebuild from backups, but in the immediate aftermath of an attack, the key question is whether
they can meet those promises and whether organizations have taken the appropriate steps to test
recoverability on their own.
In addition to the potential “availability concern” of clouds systems, there is the importance of data
backups and the resiliency of those backups. We’re seeing multi-pronged approaches to implement
backups of those backups as an extra layer of protection. In some instances, we’ve seen primary backups
become infected or erased. All of this emphasizes the importance for a robust, independent data backup
strategy, highlighting the potential limitations of relying on a single cloud provider for data recovery.
It is possible that at some point one of the major cloud providers is going to suffer a catastrophic outage
that will take them offline for an extended period. Or, worse yet, it might be an outage they cannot recover
from. Hopefully it won’t take a disaster of this magnitude to create an industry wide awakening testing
the recoverability of data across multiple platforms.
AI’s Dual Role in Cybersecurity
Artificial intelligence has become a double-edged sword in the cyber domain. On one hand, AI
technologies will empower organizations to enhance their cyber defenses, providing advanced
capabilities in anomaly detection, threat intelligence analysis, and automated response mechanisms.
On the other hand, we are seeing an increase in the quality and quantity of AI-based attacks. Spoofing,
emails, text messages and phone calls are being used to request credentials or entice employees to click
on ransomware and phishing links. While this is nothing new, the quality of these attacks has improved
significantly with AI’s ability to mimic the voices, faces and other factors that are integrated into controls
that secure critical systems.
The sophistication of AI-powered cyber threats is expected to rise as malicious actors develop more
elusive attack methods, and we can expect a new wave of cybersecurity solutions that can anticipate and
Cyber Defense eMagazine – March 2024 Edition 130
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
