Technology

'Cyber control': How can businesses practice proper cyber hygiene?

Today, work-from-home (WFH) has evolved into work-from-anywhere (WFA), to the delight of employees and their employers alike.

The benefits of this new work paradigm for employees include the flexibility to choose work hours, getting more work done in less time, lower work-related expenses, and of course, a better work/life balance, while employers gain from higher productivity, a larger talent pool, increased job satisfaction, more engaged employees, lower turnover rate, as well as significantly reduced overhead expense.

However, cybersecurity is the flip side - and needs to be considered, along with the technology needed to ensure it.

This ties back to this year’s CyberSecurity Awareness Month theme “See Yourself in Cyber” which demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people.

“However, it's also all about the technology that we invest in to support our people’s success,” says Don Boxley, CEO and co-founder, DH2i, which provides software defined perimeter (SDP) and smart availability software for Windows and Linux platforms to help organisations enhance their IT infrastructure.

The answer to the VPN dilemma

The evolution from an onsite work model to the new paradigm of WFH/WFA, as well as hybrid, wasn’t without its challenges. Perhaps one of the biggest bumps along the way was figuring out how people could WFH not only productively, but securely.

“At the beginning of the transition, many organisations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. It became clear that VPNs were not designed nor intended for the way we work today. Both external and internal bad actors were and are still exploiting inherent vulnerabilities in VPNs. Instead, forward looking IT organisations have discovered the answer to the VPN dilemma,” says Boxley.

“It is an innovative and highly reliable approach to networking connectivity – the software defined perimeter. This approach enables organisations to build a secure software-defined perimeter and use zero trust network access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT: without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organisations can ensure safe, fast and easy network and data access; while slamming the door on potential cybercriminals,” he adds.

‘Multi-pronged strategy needed to protect against cybercrime’

Cybersecurity-urgency is gripping the private and public sectors, as data now represents a strategic asset to almost every organisation. 

Yet, while from IT to the C-suite it is agreed that the possibility of a cyberattack poses a highly dangerous threat, many would admit that they are probably ill prepared to fully understand and address all of the threats, in all of their forms, today and in the years ahead.

Steve Santamaria, CEO at tech startup Folio Photonics says a multi-pronged strategy is the most common approach to protect against cybercrime today. This usually includes a mix of security software, malware detection, remediation and recovery solutions.

“Traditionally, storage cyber-resiliency is found in the form of backup to hard disk and/or tape. Both media have relatively short lifespans and can be overwritten at a material level. They also offer distinct advantages as well as disadvantages. For instance, tape is less expensive but it has very strict storage and operating conditions. And disk offers a potentially much faster restore time, but the cost can be exorbitant. For those that have the flexibility to do so, they may be forced into picking-and-choosing what they save, and for how long they save it,” he says.

Santamaria says what is required is development of a storage media that combines the cybersecurity advantages of disk and tape.  A solution that can ensure an enterprise-scale, immutable active archive that also delivers write once read many (WORM) and air-gapping capabilities, as well as breakthrough cost, margin and sustainability benefits.

“Affordable optical storage is the answer, as it is uniquely capable of leveraging today’s game-changing advancements in materials science to create a multi-layer storage media that has already demonstrated the major milestone of dynamic write/read capabilities. In doing so, it can overcome historical optical constraints to reshape the trajectory of archive storage. Ideal for datacenter and hyperscale customers, such a next-generation storage media offers the promise of radically reducing upfront cost and TCO while making data archives active, cybersecure, and sustainable, not to mention impervious to harsh environmental conditions, raditiation, and electromagnetic pulses, which are now being commonly used in cyber-warfare,” he adds.

'Proper cyber hygiene must include protecting backed up data'

Today, the process of backing up has become highly automated.

But now, as ransomware and other malware attacks continue to increase in severity and sophistication, Surya Varanasi, CTO, StorCentric, which provides comprehensive data management, protection and security solutions, says that proper cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.

“An unbreakable backup does exactly that by creating an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities users should look for include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention.

"In addition, the solution should deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. Recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organisation’s bottom-line objectives,” Varanasi says.

‘A backup solution is a must’

CyberSecurity Awareness Month is a great reminder that we must remain vigilant and always be thinking about how to handle the next wave of cyberattacks. While external bad actors, ransomware and other malware, are the most common threats, malicious or even careless employee actions can also present cybersecurity risks.

In other words, it is virtually a given that at some point, most will suffer a failure, disaster or a cyberattack.

“However, given the world’s economic and political climate, the customers I speak with are most concerned about their ability to detect and recover from a malicious ransomware attack,” says Brian Dunagan, Vice President of Engineering, Retrospect,  a provider of backup and recovery tools for consumers, professionals and SMBs.

Dunagan’s advice to these customers is that beyond protection, organisations must be able to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover.

“A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customisable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analysing purposes,” he adds.

Of course, the next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack.

“This is best accomplished with an immutable backup copy of data (a.k.a., object locking) which makes certain that the data backup cannot be altered or changed in any way,” he adds.

This article was first published in October 2022.

Browse more in: