7 Cybersecurity Trends to Watch in 2023

CYBER SECURITY www.networkseuropemagazine.com

Cybersecurity never stops evolving because digital technologies are increasingly overtaking each part of our lives, in turn increasing the scope cybersecurity tools should cover. This ever-changing nature of the cybersecurity field makes each week, month and year different from those that have passed, making it extremely important to stay two steps ahead of emerging threats.

2022 was an intense year for cybersecurity. State-sponsored cyberattacks showcased how real-world events can have serious implications for the online world, whereas businesses in an already difficult economic environment suffered some of the biggest cyberattacks ever seen.

Fileless malware will pose serious concerns

Because fileless malware does not require its victim to download any files, it is practically undetectable by most information security tools. This type of malicious software works by exploiting vulnerabilities in already downloaded, well-known and trusted applications, leaving no trace on the computer’s memory. Fileless malware requires significant skills to develop and carry out, but if it's successful, it can do immense damage.

Targeting supply chains

The Covid-induced global chip shortage revealed that the most fragile part of the global economy is its interconnectedness. By targeting companies that play critical roles in the activities of other businesses, such as raw materials suppliers or logistics firms, cybercriminals have the ability to grind an entire supply chain to a halt and apply mounting pressure to make victims meet their demands. We already saw this trend in 2022, and these types of attacks are only ramping up.

Employees will be the weakest link in corporate cybersecurity

With the human factor being the culprit behind more than 80% of cyberattacks, companies will continue to struggle to instill proper cyber hygiene principles in their employee culture, even though the tools they use are becoming increasingly advanced.

Ransomware will become more targeted

Usually, ransomware is spread randomly to numerous targets by phishing or other social engineering methods with the hopes that someone will click the link or provide their credentials. More recently, however, ransomware gangs have been applying a different approach that is more carefully crafted for each individual victim and can do much more damage.

Cloud security will become increasingly important

With companies increasingly moving their data into the cloud instead of storing files locally on their computer, we will see a growing number of cyberattacks that exploit vulnerabilities in current solutions.

The EU threatens encryption laws

In order to curb various online crimes, the European Commission has put forward a proposal to weaken encryption laws across the bloc. If it passes, the new law will require digital platforms to scan every single message or file sent through their services for suspicious content. While the motivation behind the initiative is well-intentioned, it would make the internet much less private and secure.

Reduced cybersecurity spending will expose vulnerabilities

With a looming recession, many companies and individuals are rethinking their budgets, and cybersecurity spending is often among the first to receive a cut. Criminals will exploit this lowered guard, which is very likely to make 2023 one of the costliest and most destructive years for entities affected by cybersecurity incidents.

From new strains of potent malware to major policies that threaten privacy and encryption, NordLocker’s Tomas Smalakys outlines his predictions for what is waiting for cybersecurity in 2023.
Tomas Smalakys, CTO, NordLocker

Making Data Protection a Priority in 2023

Nick King, Head of Solutions at Orange Cyberdefense, looks at the lessons learned from 2022 and making data protection a priority in 2023.

As we begin another new year, it is important that we take a look back at 2022 and review the lessons we can learn from it. Let’s begin by thinking about the state of your business’ data – do you know where all of your data is and are you aware of everyone that has access to it? Most businesses have sprawling digital estates - with traditional network infrastructure a speck in the distance thanks to remote and hybrid working - and cannot confidently answer both of these questions.

This needs to change in 2023 as this challenge worsens due to the exponential growth of data, flexible working and subsequent growth of issues such as shadow IT, and employee churn caused by the growing number of tech layoffs and the post-pandemic ‘great resignation’. With data breaches rising by 70% globally in Q3 last year – a total of 108.9 million account breaches – it is crucial that the security of businesses’ data, no matter where it is on the network, is addressed as soon as possible to prevent this from repeating in 2023. This is the only way businesses can avoid the potential costs – financial, reputational or otherwise – associated with a data breach.

Here we take a look at the threats businesses face and how they can protect their data from both internal and external threats…

Data threats come from within the walls of a business

Many businesses are becoming increasingly worried about external threats such as ransomware attacks, which are orchestrated by malicious threat actors. At the end of last year, the US Treasury announced that American financial institutions processed roughly $1.2 billion in ransomware-related payments – an almost 200% increase on 2020. Considering this statistic alone, it is no wonder that organisations are so concerned about ransomware attacks.

However, cybersecurity threats don’t just originate externally. The human element of cybersecurity is something that businesses cannot afford to overlook. They need to start looking inwardly to identify the internal threats that pose a danger to their operations. Even the employees with the purest of intentions can accidentally harm a business’ cybersecurity strategy. Something as seemingly innocent as clicking a link could open the door to external threat actors and allow them to connect directly to a business’ corporate network. This access, in turn, allows malicious actors to evade the security initiatives that businesses have in place.

This concept is most commonly known as an ‘insider threat’ and it mainly comes in two forms – malicious or unwitting. An example of a malicious insider could be a disgruntled employee that leaked sensitive internal documents as a result of being fired. Unwitting insiders are simply individuals that do not have any awareness of cybersecurity best practice or may not have received any cybersecurity training, and therefore do not know any better. This lack of awareness may cause them to click a phishing link or connect to an insecure public network and in turn, put their organisation at risk.

All threats to an organisation’s sensitive and valuable data – malicious or unwitting – need to be diminished in order to protect its most important asset. However, while most organisations will have basic security solutions in place, data security is often the aspect that businesses neglect as data is so sprawling and fast-evolving.
As the tactics used by cybercriminals are becoming more sophisticated, it is important to be realistic and recognise that not all threats can be eliminated before they cause harm. As a result, businesses must look at how their internal security posture can be improved. A key way of improving data security is reducing the number of people that have access to sensitive internal documents. However, organisations with low knowledge of data security practices may have no visibility of the data that they have, including a lack of visibility over who has access to the data itself. In these cases, it could be beneficial to take on the help of an external managed security service provider to alleviate the growing pressures of data security and review their current posture.

Achieving continuous data protection

Before achieving total data protection, businesses must complete data discovery, beginning by analysing their data lifecycle. During this process, data should be classified and sorted in terms of its sensitivity. What data does a company own, where is it being held – internally or in the cloud – and who needs to access it? Once this information has been garnered, businesses can look at whether the data should have more restricted access than it currently has, or whether it is necessary to allow everyone access. This will help to identify the internal data that may be at risk. For example, is there sensitive data that everybody in the organisation has access to? If so, the attack surface will be great.

The next stage of the process involves looking closely at any files that employees have access to but no longer need, and this can be determined by looking at which files are rarely accessed. In many cases, the data will not be sensitive, but by restricting access to it, minor breaches can be prevented. After gathering all of this information, businesses will be more able to assess the access their employees have to all types of data, and remove it where appropriate.
Removing access means that should a malicious actor infiltrate your organisation, or an unwitting breach occurs, the potential damage or ‘blast radius’ will be as small as possible.

By regularly and continuously tracking user activity and their typical behaviour and patterns, businesses can also identify unusual activity. An example of this could be a remote worker that always accesses a file from their home in London. If they suddenly access this file from Germany, their account can be temporarily blocked until the session has been verified, much like when you travel abroad and have trouble using your credit card.

This continuous data protection process can be supplemented with the use of automation to keep data secure as an organisation evolves and changes. For example, automation can be used to automatically remove access to certain files when an individual’s job title changes, block a user’s account when suspicious activity occurs, or remove access to files they haven’t accessed within a certain time period. The added element of automation can reassure stakeholders that their data is kept safe continually, that any unusual and potentially threatening activity is terminated before damage occurs, and that the ‘blast radius’ of a potential attack is as small as possible.

The importance of data security

Cybersecurity will arguably never have been more prominent than it will be in 2023. With cybercrime on the rise and data becoming a key target for malicious actors, now is the time to ensure that your strategy is airtight and that you have a backup plan should your business fall victim to a cyberattack. For data security specifically, it is always better to prepare for the unexpected and invest in the strategies that will help your business to stay above water in these turbulent times.
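The access review and location check described in the article above, as an added example that is not part of the original article. The users, files, countries, dates and both thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (users, files, countries and dates are illustrative).
ENTITLEMENTS = {
    ("alice", "payroll.xlsx"), ("alice", "roadmap.docx"),
    ("bob", "payroll.xlsx"), ("bob", "handbook.pdf"),
}
ACCESS_LOG = [  # (ISO timestamp, user, file, country of the session)
    ("2022-10-02T10:15", "bob", "handbook.pdf", "GB"),
    ("2023-01-10T09:00", "alice", "payroll.xlsx", "GB"),
    ("2023-01-24T09:05", "alice", "payroll.xlsx", "GB"),
    ("2023-02-07T08:55", "alice", "payroll.xlsx", "GB"),
    ("2023-02-20T14:30", "bob", "payroll.xlsx", "GB"),
    ("2023-02-27T23:40", "alice", "payroll.xlsx", "DE"),
]
NOW = datetime(2023, 3, 1)


def stale_entitlements(entitlements, log, now, max_idle_days=90):
    """Return (user, file) grants not used within the window, or never used."""
    cutoff = now - timedelta(days=max_idle_days)
    last_used = {}
    for ts, user, path, _country in log:
        when = datetime.fromisoformat(ts)
        key = (user, path)
        if key not in last_used or when > last_used[key]:
            last_used[key] = when
    # A grant with no log entry at all is treated as the oldest possible access.
    return sorted(e for e in entitlements
                  if last_used.get(e, datetime.min) < cutoff)


def unusual_locations(log, min_history=3):
    """Flag sessions from a country the user has not been seen in before.

    A user needs min_history earlier sessions before anything is flagged, and
    a flagged country is not added to the baseline (it awaits verification).
    """
    seen = defaultdict(set)
    count = defaultdict(int)
    flagged = []
    for ts, user, path, country in sorted(log):  # ISO strings sort by time
        if count[user] >= min_history and country not in seen[user]:
            flagged.append((ts, user, path, country))
        else:
            seen[user].add(country)
        count[user] += 1
    return flagged


if __name__ == "__main__":
    print("revoke:", stale_entitlements(ENTITLEMENTS, ACCESS_LOG, NOW))
    print("verify:", unusual_locations(ACCESS_LOG))
```

The revoke list includes grants that never appear in the log, which is where unused access usually hides.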
Why Data Recovery Must Always Start With Backup

DATA RECOVERY www.networkseuropemagazine.com

Dan Middleton, VP UK&I, Veeam

Not ‘if’, but ‘when’

Cyberattacks are on the rise, with this uptick largely attributable to increasingly active ransomware actors. Only 85% of global organisations reported that they had not experienced a ransomware incident in 2022. The skyrocketing volume and severity of cyberattacks mean that it’s no longer a matter of ‘if’ or ‘when’ an organisation will be attacked, but ‘how often’. This is the harsh reality for the modern enterprise and, with ransomware at an all-time high, a comprehensive data recovery strategy has never been more critical.

Data protection has been in the spotlight for a number of years now since GDPR was introduced in the wake of a number of high-profile breaches. Much attention has been given to the financial and reputational ramifications of data loss, but an equally important issue is that of data recovery and the wider business continuity implications of not being able to recover data quickly. Faced with an ever-evolving threat landscape, these considerations are more important than ever.

Data recovery, an essential aspect of business continuity planning, should always start with a reliable backup system, but this is only half the battle. The idea that an organisation can simply ‘restore from backup’ is a dangerous oversimplification of the process and can lead to false assumptions about the integrity, and hence, capabilities of the backup system. Any backup that has not been verified as error-free will mean the restoration of risks and vulnerabilities. This can ultimately result in further downtime and data loss which can cost the business dearly, especially in the case of a ransomware attack.
Having a tried and tested strategy for getting the business back on its feet following a disruptive incident is essential. Unfortunately, many organisations are not prepared for this eventuality. According to our Data Protection Trends Report 2023, 39% of UK&I organisations still rely on manual steps to restore data following an attack. This can be an arduous process and often leads to systems being inactive for longer than is necessary, which is particularly problematic for those organisations with large-scale operations where even a short period of downtime or a small volume of lost data could have significant implications for the bottom line.

For example, if you’re a large retail business which relies heavily on digital services – from point-of-sale systems and scan-as-you-shop devices across your hundreds of stores, to e-commerce and inventory management systems that power your online offering and home delivery – a few hours of downtime could lead to millions of pounds in missed sales.

Fortunately, to avoid this, modern data protection solutions now exist that can orchestrate data recovery and provide organisations with lightning-fast recovery. The solutions are scalable according to the backup needs of the business. They are underpinned by techniques and principles to optimise the resilience, reliability and robustness of the data recovery process. So, how can this be achieved?

Fail to plan or prepare to fail

Preparation is key. Developing a robust backup plan is the first step, and should include a rigorous business impact assessment to identify areas of vulnerability, and to establish the Recovery Point Objectives and Recovery Time Objectives that underpin disaster recovery planning. A good practice is to assume that the worst will happen and then plan accordingly. Considering that only 55% of UK&I respondents said their data is typically recoverable after a ransomware attack, and that other causes of downtime haven’t gone away, you’d be a fool not to.
Any backup plans should also clearly define the roles and responsibilities of employees so that each individual is accountable and furnished with clearly defined actions. Most will not be involved in active data or business recovery roles, but knowing how to spot a phishing scam, keep a laptop secure or identify suspicious behaviours all bolster resilience and reduce risk. Further training to role-play data recovery scenarios can also ensure that the organisation is able to recover faster, restore data more quickly, and ensure business continuity.

Immutable data backups

Adhering to the 3-2-1-1-0 rule is critical for ensuring the security of an organisation’s data, especially given today’s complex, hybrid infrastructure environments. This rule is a powerful tool that goes beyond standard security measures and takes data protection to a new level. By following the 3-2-1-1-0 rule, organisations are assured that at least three copies of their data are stored on at least two different media, with at least one stored offline and one that is air-gapped or immutable, with zero incomplete backups or errors. This ensures that even in the event of an attack, the backup version of the data will remain untouched and accessible.

Immutable backups prevent malicious actors from encrypting data after it has been written, thus creating an additional layer of protection. This is not a new concept, but the application of immutability for storage is. For example, organisations can make their data stored offsite in the cloud immutable for a certain period of time, such as 30, 60 or 90 days. This adds an extra layer of security and peace of mind, knowing that their data is safe and secure.

Test, test and test again

After creating a recovery plan, the most important thing is to test it. Organisations must know if their plan works. There is a tendency to not fully test disaster recovery plans, or not test them at all.
At best, most firms partially test their recovery plans once or twice a year. Continuous testing is important, especially since applications are constantly changing. To optimise cyber resilience, automated backup verification lends itself to daily testing. This ensures that backups are functioning properly, and also allows organisations to monitor for any signs that hackers have gained access or tampered with the systems. If backups are not dynamically tested, an organisation may not be able to recover as intended.

An automated approach

The implementation of automated backup systems can greatly simplify the process of data recovery. As introduced above, by utilising software to automate the entire process, organisations can effectively back up files, folders and systems without the need for human involvement.

Another viable option is to incorporate automated backup and replication, as well as self-service workflows, which enable individual employees to swiftly restore individual files in the event of an attack. This approach can greatly mitigate the risk of missed business opportunities, as it allows for rapid data recovery in a matter of minutes. By placing data restoration capabilities in the hands of employees, organisations can drastically reduce IT helpdesk request volumes, providing much-needed relief to the IT department. However, to ensure optimal performance, it is essential to invest in training, preparation and adherence to best practices.

The data recovery process is central to an organisation’s business continuity strategy and should be treated as such. Only with data backup as a core priority will enterprises be able to recover their data quickly when needed. The recovery process starts with having a reliable and well-tested backup system in place.
This includes following the 3-2-1-1-0 rule, regularly verifying and testing backups, and implementing automated systems to simplify the backup process. Following these principles will ensure that organisations are well prepared to handle any unexpected disruptions and get systems – and more importantly the business functions reliant upon them – back up and running as soon as possible.
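A daily check of a backup inventory against the 3-2-1-1-0 rule as the article words it, added here as an example and not taken from the article or from any vendor's product. The inventory fields (`media`, `offline`, `air_gapped`, `immutable_until`, `verified`, `errors`) and both sample inventories are assumptions constructed for illustration.

```python
from datetime import date

TODAY = date(2023, 3, 1)

# Constructed inventories: one record per backup copy.
GOOD = [
    {"name": "primary-disk", "media": "disk", "offline": False,
     "air_gapped": False, "immutable_until": None, "verified": True, "errors": 0},
    {"name": "cloud-bucket", "media": "object", "offline": False,
     "air_gapped": False, "immutable_until": date(2023, 4, 15), "verified": True, "errors": 0},
    {"name": "vault-tape", "media": "tape", "offline": True,
     "air_gapped": True, "immutable_until": None, "verified": True, "errors": 0},
]
WEAK = [
    {"name": "primary-disk", "media": "disk", "offline": False,
     "air_gapped": False, "immutable_until": None, "verified": True, "errors": 0},
    {"name": "nas-replica", "media": "disk", "offline": False,
     "air_gapped": False, "immutable_until": None, "verified": False, "errors": 0},
    {"name": "cloud-bucket", "media": "object", "offline": False,
     "air_gapped": False, "immutable_until": date(2023, 2, 1), "verified": True, "errors": 0},
]


def check_32110(copies, today):
    """Return the 3-2-1-1-0 conditions this inventory fails (empty = compliant)."""
    failures = []
    if len(copies) < 3:
        failures.append("3: fewer than three copies")
    if len({c["media"] for c in copies}) < 2:
        failures.append("2: fewer than two media types")
    if not any(c["offline"] for c in copies):
        failures.append("1: no offline copy")
    # An immutability window that has already lapsed no longer protects the copy.
    protected = [c for c in copies
                 if c["air_gapped"]
                 or (c["immutable_until"] and c["immutable_until"] > today)]
    if not protected:
        failures.append("1: no air-gapped or currently immutable copy")
    # "0" covers failed restores and copies that were never verified at all.
    bad = [c["name"] for c in copies if not c["verified"] or c["errors"]]
    if bad:
        failures.append("0: unverified or failed copies: " + ", ".join(bad))
    return failures


if __name__ == "__main__":
    for label, inventory in (("good", GOOD), ("weak", WEAK)):
        print(label, check_32110(inventory, TODAY) or "compliant")
```

The weak inventory still has three copies on two media, yet it fails three conditions: nothing is offline, the cloud lock expired a month earlier, and one replica was never verified.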