Recently, I’ve been doing intensive exercise. Not to lose some pounds before the inevitable post-Christmas weight gain, but because I’m getting ready for an XLETIX obstacle course in Munich. It won’t be easy. I’ll need to run, climb, jump and crawl past miles of mud and obstacles. And I’ll need to be as fit as possible to make it to the end. In a way, it’s helped me empathise with businesses that are having to get their data and processes in shape.
They’re facing two obstacles that are tougher than ever before:
GDPR and ransomware.
GDPR has changed how we handle data. It’s forced us to think more carefully about how much we store, how we store it and for how long. And we’re already seeing some organisations under scrutiny for not following the rules. A Canadian analytics firm could face a huge fine after being recently hit with the first formal GDPR notice. Twitter is also under investigation for the data it collects with its URL-shortening system.
Meanwhile, ransomware is on the rise. Attacks are easier than ever to carry out—and harder to defend against. They can also be profitable for attackers, creating new business-driven motivations for launching threats. And if you’re not prepared for an attack, it can cost you dearly. The city of Atlanta, for instance, ended up paying over $2.6m to recover from a ransomware attack that hit their systems.
The compliance work-out plan
Push-ups won’t help CIOs prepare for these challenges. But there are some practical ways to get your business in shape and keep your data secure. Firstly, the wiser that employees are to threats and regulations, the better. The right training will help them know what to watch out for, such as dubious email attachments, and how to respond in the event of an attack.
You’ll also need to ensure that the systems you’re using have the right security measures built in to keep the latest threats out. And a solid backup strategy will help you get up and running again faster if you do get hit. But your best backup plan will fail if your backup system is not safeguarded against attacks, this is why we have been going down the path of a rigorous tight security implementation with our backup appliances hardware which includes way more things beyond just your regular security hardening but locked down root account, a controlled kernel, ridged binary control, closed signed updates and built-in intrusion detection and prevention, just to name a few. I´m proud to say that this saved more than one customer from paying ransom already as our backup systems as your last line of defence has built-in obstacles to the bad guys which so far no one has overcome.
Be fit for anything
Let’s put ourselves in a worst-case scenario. A ransomware attack compromises your data. What do you do? Your most important first step is to report the breach. And don’t feel foolish or embarrassed for being attacked. Remember, this is happening to almost everyone. As attacks become more complex, getting hit is now a matter of when not if. Even corporate giants like Facebook and Twitter are finding themselves having to deal with security and compliance crises. Besides, trying to sweep your problem under the rug will only make things worse when you get found out later on.
Ultimately, there’s no silver bullet that will make you immune to data breaches and ransomware attacks. Preparation is your best strategy. And when you’re attacked, transparency is key to damage control and the ability to perform fast recovery from a backup system you can trust to be a Fort Knox in your environment is like your personal fitness check to be ready to master any tough situation along your way.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.