compliance, disaster recovery and RTO / RPO investment

Crime pays. Otherwise there would be no crime. Cybercrime is no different from any other form of crime, except that the hacking groups or individuals involved run very little risk of being caught. And that means there is no incentive to stop extorting money from badly protected or unprotected organizations. As potential victims, we can go beyond protecting ourselves by becoming more sophisticated about how we think about cyber defense, as well as about when backup recovery and RPO (recovery point objective) clearly become necessary.

The growing need to be more sophisticated stems from the fact that hacking has become much more established. As Brian Spanswick, the CISO of Cohesity, said recently in an exclusive interview with TechHQ, “[Bad actors] are increasingly sophisticated and better funded. And you see them run like businesses, which is really, really crazy! We see examples where they actually recruit kids – college graduates – and they pay them salaries, and they take money and reinvest in their tools.”

We often hear that the tools to facilitate ransomware attacks are readily available, and in some ways they always have been. The methods and tools of defensive cybersecurity experts (Metasploit, Maltego, Burp Suite, et al.) can work just as easily for bad as for good. But we often hear the phrase “hacking as a service”. Perhaps that is an oversimplification, Spanswick said. But he added: “It’s not just a guy trying to figure things out in his bedroom anymore, there are actually tools that [he] can subscribe to, [that he] can use.”

If so, then there is more than a grain of truth to the other oft-repeated hype: it’s not if you’re attacked, it’s when. Protection is therefore very important, and the nature of protection must evolve as the tools used to attack evolve. But, said Spanswick, there has to be a change of balance in line with the “not if but when” statement.

“Yes, you should have these employee protections in place, you should have an aggressive patch program, you should have network segmentation where possible; all of these things will help you in a ransomware situation. But all of these things are protective controls. We also have to be aggressive with controls that minimize the impact.

“How fast can I recover from a backup? How aggressive is my recovery point that I am recovering from?” Spanswick asked. “These two attributes have a significant impact if my defenses fail.”

Mastering RPO and RTO

Maybe getting the message out about cybersecurity costs just got easier? “Five years ago, the board of directors thought of [cybersecurity] as a compliance program. And it’s not very sexy to invest in. [Now] it’s easier to sell it up the food chain; these really public ransomware attacks like Colonial Pipeline scare those boards.”

This is not to say that a company’s CISO has access to unlimited resources to protect the business and provide proper backups and failover facilities. Specifically, Brian told us, “The trick is to balance the cost with how aggressive you might be on those RPO goals.”

According to Druva’s glossary, “the recovery point objective (RPO) is defined as the maximum amount of data – measured by time – that can be lost after recovering from a disaster, failure, or comparable event before data loss exceeds what is acceptable to an organization. An RPO determines the maximum age of data or files in backup storage necessary to meet the objective specified by the RPO in the event of a network or computer system failure.”

Aggressive RPO and RTO (recovery time objective) targets can be primary business metrics, but depending on where an organization is based, statutory requirements must also be met. And while this may be another deeply unsexy topic to discuss, it is certainly one that should be a major concern at board level. After all, cybersecurity is now part of the broader political discourse at the highest levels.
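As an added illustration of the two definitions above (not code from the article, Cohesity or Druva), the script below measures a backup schedule against RPO and RTO targets. It reads a constructed backup-job log, takes the largest gap between successful backups as the worst-case RPO actually delivered, and computes how much data (in time) an incident at a given moment would lose; the log format, system name and all times are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample backup-job log (assumed format: timestamp key=value ...).
# A failed job leaves a 12-hour hole in what is meant to be a 6-hourly schedule.
BACKUP_LOG = """\
2021-06-01T00:05:00 system=erp status=ok
2021-06-01T06:02:00 system=erp status=ok
2021-06-01T12:10:00 system=erp status=failed
2021-06-01T18:03:00 system=erp status=ok
2021-06-02T00:04:00 system=erp status=ok
"""


def parse_log(text):
    """Return the completion times of successful backups, sorted ascending."""
    times = []
    for line in text.splitlines():
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        if kv.get("status") == "ok":        # failed jobs do not provide a recovery point
            times.append(datetime.fromisoformat(ts))
    return sorted(times)


def worst_case_rpo(times):
    """Largest gap between consecutive good backups: the most data a failure could lose."""
    return max((b - a for a, b in zip(times, times[1:])), default=timedelta(0))


def data_loss_at(times, incident):
    """Time between the last good backup before the incident and the incident itself."""
    prior = [t for t in times if t <= incident]
    return incident - prior[-1] if prior else None


def evaluate(text, incident_iso, rpo_hours, rto_hours, restore_hours):
    """Compare the schedule with RPO/RTO targets; restore_hours is the measured restore time."""
    times = parse_log(text)
    loss = data_loss_at(times, datetime.fromisoformat(incident_iso))
    return {
        "worst_case_rpo_s": worst_case_rpo(times).total_seconds(),
        "rpo_met": worst_case_rpo(times) <= timedelta(hours=rpo_hours),
        "loss_at_incident_s": None if loss is None else loss.total_seconds(),
        "rto_met": restore_hours <= rto_hours,
    }


if __name__ == "__main__":
    # Incident mid-afternoon on the day the 12:10 job failed; 6h RPO, 4h RTO targets.
    print(evaluate(BACKUP_LOG, "2021-06-01T15:00:00", 6, 4, 3))
```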

These are steps towards a situation where protection and safeguards become mandatory, which, depending on your notions of the “size” of a government, can be a good thing or a bad thing. But according to Microsoft figures, 1.26% of the world’s computers (1.26% of two billion computers is over 25 million installations) are currently running the nearly 20-year-old Windows XP, an operating system so insecure that its login password can be bypassed by users pressing key combinations during startup.

Much of the cost of doing business today is the IT bill. This bill could and should include updating software to run on a later (and supported) operating system, investing in hourly instant backups of critical systems, or better cybersecurity protection metrics. Like an investment in a building’s infrastructure to ensure it doesn’t fall down, the technology investment keeps the show on the road.

And should part of the IT budget be allocated to paying ransomware demands when (not if) hackers strike? Brian told us, “My opinion as a CSO is that if you pay, you add to the problem, you fund these groups for future attacks, and that’s how they get more and more sophisticated, [by] reinvesting that money in their attack techniques. But it’s a decision for every business.”
