In an exclusive, Computerworld Malaysia asks an industry provider to talk candidly through some strategies that leaders need to consider when protecting business-critical data from cyberattacks.
Like many other security professionals, Saravanan Krishnan, who is director - Data Protection Solutions, Southeast Asia, for Dell EMC, pointed out the inevitability of attacks and the difficulty of detecting when an attack had indeed taken place.
Naturally, the kickstarter question was to invite comments from Saravanan on the changing threat landscape:
We are seeing an unprecedented increase in cyberattacks across the world. Why do you think this is happening?
This is a time of unprecedented change, which many have described as the Fourth Industrial Revolution - one that is fundamentally altering the way we live, work, and relate to one another.
If previous industrial eras were driven by steam, coal and electricity, this one is driven by data. It is ruthlessly redrawing the business landscape and reinventing our future.
The Internet of Things, an intelligent interconnected living network, pulsing with data and processing power, populated with digital devices, appliances and people, will transform the way every business in every industry operates.
With change come opportunities and risks: The past few years have seen several high-profile cyberattack cases which brought organisations to their knees - from financial services to the automotive industry and logistics. Malaysia is not spared, with an academic institution and several Malaysian businesses hit by WannaCry.
And there is no sign of these attacks abating - a similar cyberattack in June dubbed NotPetya (a new malware that masquerades as the Petya ransomware) was instead built to destroy, not extort. The effects were felt worldwide - the hardest hit being Ukraine with businesses, government agencies and services compromised. The attack has even affected operations at the Chernobyl nuclear power plant, which had to be switched to manual radiation monitoring as a result of the attack.
What should CIOs be prioritising when it comes to planning to handle cyberattacks?
Organisations of today need to have the know-how to defend against escalating, dynamic security and privacy risk - and rightly so.
The threat is real - according to 2016 research, cyberattacks are growing at 47 percent year-on-year.
In 2009, there were 3.4 million security breaches, and this spiked to over 50 million in 2015. To give an idea of how prevalent the issue has become, there are over 1 million cyberattacks every day, nearly 500 new malware threats every minute, and 19 identity or personal details of people stolen online in the world every second.
By 2020, 60 percent of digital businesses will experience a major service failure because of IT security risks.
Case in point - an attack on a major entertainment company in late November 2014 was a watershed moment in the history of cyberattacks. There are a couple of points to be made about this attack.
First, it is believed that the attackers were inside the organisation's network for upwards of 6 months. Obviously, that is a long time and it gave the attackers plenty of time to map the network and to identify the assets where the most critical data was stored.
Before the attack began, the cybercriminals carefully exported loads of data a little bit at a time: e-mails, personnel records, salary information and the company's intellectual property works. This data was then released on the Internet a piece at a time.
Second, the attack unwound over a 48-hour period and began by destroying recovery capabilities. Backup media targets and the associated master and media servers were destroyed first and then the attack moved to the disaster recovery and production environments.
Once the attack was discovered and measures taken to stop it, the company went to its data protection infrastructure and planned to restore damaged systems. However, the data protection infrastructure was destroyed and along with it, their ability to recover. This caused downtime of over 28 days and the company never recovered much of their data.
Third, this was a watershed moment because the data was stolen AND the systems left behind were rendered unusable. In the past, data was stolen and sold on the black market but in this case the rules changed and damage to the ability of the business to operate was the goal.
So what questions should CIOs ask to evaluate their cybersecurity readiness?
The common questions should include:
- Is there a documented strategy and proven plan to keep the business operational due to any disruption event?
- What is the risk of a hacktivist attack and can the cyber security protections in place guarantee that the business is safe?
- If data was compromised and destroyed, can the business recover its operations, and how long would it take?
- What then would be the impact to customers, shareholders, employees if information was lost?