Cybersecurity in an all-digital world
By Don Williams, Vice President, Australia & New Zealand, Veeam Software
Monday, 01 May, 2017
It’s no secret that we’re living in a digital-first world. According to a report by IDC, two-thirds of the CEOs of Global 2000 companies will have digital transformation at the centre of their corporate strategy by the end of 2017. Digital transformation isn’t just a trend — it’s changing how we interact with banks, service providers and the government. It’s leading industries and organisations to refocus and deliver towards the needs of today’s highly connected world.
As connectivity has become ubiquitous, consumers, employees and partners expect that almost every experience will have a digital component. We’re living in the App Age. Today, apps track golf swings (and recommend ways to improve shot performance), as well as give tips to brew the perfect cup of coffee based on personal preference. Digital services help in monitoring the spread of infectious diseases, tracking criminal activity and studying congestion on roads or public transportation to help governments plan infrastructure developments.
This shift towards digital transformation is a long-term process that will span years, and will leverage digital technologies to increase efficiencies. However, the trade-off between convenience and security may inadvertently expose forward-thinking governments to a broader range of vulnerabilities.
The stakes are getting higher for all, as cyber threats have an increased capacity to interrupt a world that prioritises digital interactions. According to a recent report by Trend Micro, 2016 represented a record year for enterprise breaches. Asia–Pacific bore the brunt of cyber attacks, experiencing the highest number of attempted threats across different forms, especially for online banking malware and ransomware. 2016 also saw distributed denial-of-service (DDoS) attacks gaining traction worldwide, with breaches turning unsecured Internet of Things (IoT) devices into zombie bots. Telstra’s 2017 Cyber Security Report revealed that as many as 60% of Australian businesses have been victims of ransomware in the past 12 months, highlighting an emerging issue that can have serious impacts on productivity.
Australia experienced a nationwide crisis in 2016, when our census was hit by a major DDoS attack, preventing thousands of Australians from taking part in the census. Additionally, the attack led to a hardware failure, the overload of a router and a false alarm about the attack, causing a total downtime of 43 hours. This caused embarrassment for the Australian government, prompting public outcry from citizens and the opposition. The government is taking the threat extremely seriously, and has recently unveiled a comprehensive strategy document, describing cybersecurity as “a fundamental element of our growth and prosperity in a global economy”.
While the tools used may evolve over time, the strategy to combat these threats remain focused on two main areas: prevention and creation of solid business continuity plans. Prevention efforts focus on careful treatment of privileged accounts and control of permissions, ensuring regularly updated antivirus and anti-malware scans and awareness training for employees. While it remains paramount, the creation of a detailed business continuity plan will grow in importance in an all-digital world, where everyone will rely on and expect 24.7.365 availability of data and services.
Creating a solid business continuity plan depends on conducting regular data backups, along with verifying the integrity of those backups and securing them by ensuring they are disconnected from the computers and networks they are securing. The timeless rule for failure scenarios is the 3-2-1 backup rule — 3 copies of the company data should be saved on 2 different media and 1 copy should be off-site. The ‘1’ in the 3-2-1 rule continues to play an important role, especially in an all-digital world, as it does not allow for direct data access, providing protection against ransomware.
Even as organisations improve their cybersecurity plans, a balance needs to be struck between protection and business continuity. Without constant availability to data and services, downtime caused by cyber attacks will have repercussions beyond simple inconvenience.
 Australian Federal Government, https://cybersecuritystrategy.dpmc.gov.au/
Intel's Spectre and Meltdown fixes are causing reboots and a performance hit in some...
Microsoft has reportedly withdrawn patches for Meltdown and Spectre kernel memory vulnerabilities...
The use of bitcoin is largely associated with illegal activity, according to new research.