By Richard Massey, VP EMEA North at Arcserve
There’s no industry at this point in time that doesn’t find itself constantly under the threat of a cyberattack. Threat actors have consistently targeted organisations in the banking, healthcare, energy, utility and more recently, the educational sector. These are complex attacks with often simple entry points that cause damaging disruption such as system shutdowns and downtime. It compromises business critical data and cripples an organisation’s ability to operate, potentially damaging its brand reputation and value in the eyes of its customer. However, it’s those critical sector organisations, such as energy and healthcare, where the impact of a cyberattack can be felt most, with often more serious and sweeping effects.
Attacks on these industries target the most essential pieces to an organisation’s bottom line. For attacks using ransomware criminals seek to encrypt systems to halt operations and demand payment in return for a decryption key. Without access to critical IT infrastructure operations often ground to a halt, potentially causing concerning harm to life. For example, the EKANS ransomware strain has become notorious since it targets an organisations industrial control system (ICS). Due to the pressure IT teams would be under to recover systems quickly, victims may rather pay to minimise their downtime.
Also, ransomware is not a threat that is likely to lessen any time soon. Last year we saw the Blackbaud attack steal data from a number of universities in the UK, as well as the US and Canada, which highlights that no industry is safe from criminals seeking to exploit access to business critical data and IT infrastructures. This year will be just like the last in that we’ll continue to see more attacks on critical sectors. Since specific industries have become even more crucial for keeping our society functioning during these times, it’s likely these will be under the most threat, as any type of disruption could have detrimental and far-reaching impacts.
The biggest concern for these critical industries is keeping the downtime they experience after an attack, to a minimum. They best way to achieve this is by creating a response plan that firstly establishes a recovery point and time objectives for every single system and application within a network. It’s not feasible to recover every system in a network instantaneously. Therefore, organisations will have to set out a list of prioritised applications and systems that need to be recovered first. This will avoid any confusion for those tasked with the recovery effort and reduce the negative impact from downtime of critical systems.
The potential loss of data isn’t as immediate a threat to organisations as the loss of critical operations. However, it still has serious implications for critical sector organisations, so being able to safeguard them remains a high priority – not only will access to this data help the recovery process, but it also needs to be considered in accordance with current data protection legislation.
General Data Protection Regulations introduced by the EU back in May 2018, which are expected to be adopted by the UK post-Brexit, has provided guidance on how we collect, store, manage and discard data. Organisations must ensure they have their own data backed up by storing it off-site as well as on premise, which guarantees its recovery from any potential attack.
Having the ability to implement cybersecurity protocols with data protection offers a much smoother recovery process. Reducing the time between attack detection and the beginning of a recovery process is best tackled with a two-pronged approach as it limits the overall impact on critical systems and applications. Many industries have had to work with much more restricted budgets due to the ongoing pandemic, so this approach also offers a cost-effective solution for dealing with these situations.
Education is key
A useful tool to deal with attacks is ATT&CK knowledge framework which was updated last year. It offers valuable advice defending against these types of attacks. IT teams working with critical infrastructures can use this framework to set out their own individual recovery plans, particularly to understand the necessary steps for recovering their systems. By undertaking frequent and stringent test of these plans, it will allow them to deal with elements that were previously unknown in the recovery process and also identify any major weaknesses. By gaining this understanding they will greatly reduce the time it takes to recover and secure systems during a cyberattack.
We’ve seen many organisations go through radical digital transformations over the past year, accelerated largely due to the COVID-19 pandemic. This major shift has brought about a greater attack landscape for criminals to target organisations in critical sectors. Our society is extremely fragile at this point in time and a major attack on certain sectors has the potential to cause unfathomable damage with great consequences to our daily lives. It’s paramount that when an attack happens, IT professionals working in these sectors have the best education, information, and tools available to them to best understand the risks and establish an effective plan of action.