Working in cyber security can be draining. It’s a high-pressure environment and the stakes are only getting higher. A recent report found that 45% of cybersecurity professionals have considered quitting over the constant threat of Ransomware attacks.
The industry has been evangelising (or fear-mongering, depending on who you ask) on the rising threats of bad actors for years. Unfortunately, the stats don’t lie – threats are becoming more numerous and more sophisticated year after year.
At the same time, the environments that need protecting are becoming more complex and decentralised, with migration to the public cloud, digital transformation and mounting pressure to roll out new products as fast as possible. A report found that last year 79% of employees admitted to sacrificing security to meet tight deadlines and higher expectations.
For security teams, the result can be overwhelming. As the list of priorities grows and resources and budget tighten due to the threat of recession, what should teams focus on to manage risk for 2023?
The old adage “the more things change the more they stay the same” is often true in infosec. Focusing on identifying and removing vulnerabilities is by no means reinventing the wheel, but as priorities mount up it is crucial to ensure proactive patch management is still at the heart of security strategies going into next year. With operations and workloads continuing to scale, getting to vulnerabilities before bad actors will remain as important as ever.
Of course, it’s easier said than done. If identifying vulnerabilities was simple then cybersecurity would be too, and with increasingly disconnected systems, centralised testing and patch management is more complicated than it once was. At the same time, the increasing reliance on open-source software means more potential vulnerabilities are being added to IT systems all the time, so it’s vital to audit new systems and constantly stay abreast of new threats.
The best practice is to stay informed of vulnerabilities in commercial or open-source software by consistently monitoring reputable sources alongside regular penetration testing to find any additional gaps in these, as well as in internally developed systems. When deploying patches, it’s prudent to prioritise their deployment order by risk level, as well as ensure patches are thoroughly tested before being deployed in a live environment.
Implement Multi-factor authentication
Another way to reduce cyber risk at scale is implementing multi-factor authentication (MFA) across the business. Multi-factor or two-step authentication makes systems far more resilient to bad actors and reduces the risk of employees’ poor digital hygiene in the form of weak, stolen or duplicated passwords. The additional method of authentication can vary depending on the business and type of information being protected but can include SMS, mobile apps, physical security keys or even biometrics.
Although MFA is becoming increasingly common, there is still a long way to go. A 2022 report found that almost half of all companies aren’t yet using MFA. But setting this up is not without its challenges. Internal system complexity often means authentication has to be done in silos. This means a turn-key approach that works across the organisation is difficult due to a variety of ID & authentication types, operating systems and existing authentication systems that are not interoperable. It’s no surprise that data shows that 70% of IT Professionals feel overwhelmed by authentication systems, but it’s worth making it a priority going into next year.
Invest in immutable backups
Finally, as threats like ransomware become more common and more severe, its vital infosec teams put robust backup plans in place as a last line of defence. Despite the best efforts of security teams, cyber events will still happen. The make-or-break factor for organisations moving forward will be their contingency plans and recovery processes, particularly in the case of ransomware.
The Veeam 2022 Data Protection Trends report found that 76% of global and 86% of South African organisations had suffered at least one ransomware attack during the one year period, and recovery time makes all the difference in how much money these attacks cost businesses. IT leaders estimate downtime costs to be approximately R 25,000 per minute (R 1.5 million per hour).
But it’s crucial to understand that not all backups are created equal. Modern ransomware specifically targets and corrupts backup repositories, so ensuring your backup accounts for this is crucial going forward. The old backup golden rule was 3-2-1, meaning there should be 3 copies of data, on 2 different media, with 1 copy being off-site. That offsite copy was in the case of a physical threat like a fire or natural disaster, but that won’t stop ransomware.
Instead, modern backups need to follow a 3-2-1-1-0 rule, not quite as catchy, but far more robust. The extra digits refer to 1 copy of data being offline, air-gapped or immutable and the 0 refers to no errors during the recovery process. Having data offline or air-gapped simply means it is unreachable by threat actors, while immutable data is unchangeable and so cannot be encrypted by ransomware – of course, the strongest backup would be one that is all three!
Taking control of the future
Despite significant advancements in the cyber sector no one has managed to come up with a crystal ball just yet. But what we do know is that threats aren’t going anywhere. Attacks like ransomware are increasing year-on-year and while it’s a fair bet they will become more sophisticated, exactly how much is harder to predict. Infosec in the 2020’s remains a mammoth task but to avoid becoming swamped by the countless list of concerns, security teams should focus on one step at a time. Starting with the three priorities listed here will go a long way to mitigating risk, if you don’t do any of these make sure you put them at the top of your list (however long it is) going into 2023.
By Danny Allan, CTO, Veeam