So, you know your IT could run better…you worry about things like ransomware and cybersecurity in a general sense…but what would you do if you came into school one day to find all your data had been encrypted?
Worse still, the cybercriminals responsible for encrypting your data, forcing lesson delivery back a couple of decades in the process, have also stolen the data. They have uploaded a sample to the public internet, just to prove they’re serious about releasing all of your most sensitive student-related data publicly, should you decide not to pay the ransom demand within the time specified.
Sure, you can decide not to pay the hackers and simply restore your data from backups – a process which could easily result in a week or two of disruption. However, the simple fact is, they will still release the data you are responsible for safeguarding, exposing you to significant potential liability.
You could pay the ransom, but this provides no guarantee the hackers won’t simply follow through on their threats regardless. Or, you could allow the data leak to go ahead, knowing there will likely be significant fallout, but avoiding paying the cybercriminals.
So, if a simple restore from backups isn’t the answer, what is?
Well, cybersecurity is no longer just about backups, anti-virus and a firewall…a more robust and measurable approach is needed to combat today’s sophisticated threat landscape.
Working to adopt a Cyber Security Framework (CSF) will ensure you don’t miss important steps on the road to ‘Cyber Resilience’. Adoption of such a framework will typically involve completing several ‘phases’ on the path to implementing an actual information security strategy.
The key phases involved are:
IDENTIFY | PROTECT | DETECT | RESPOND | RECOVER
IDENTIFY seeks to understand how your important data is collected, stored, accessed, where it’s accessed from, and using what means.
PROTECT endeavours to apply appropriate safeguards to prevent unauthorised access to such data, malicious or benign.
DETECT assumes your protections cannot be completely effective 100% of the time, so it aims to provide appropriate monitoring to enable malicious behaviour to be identified quickly.
RESPOND is all about developing the capability to act quickly and decisively, to minimise the impact of a breach, once detected.
RECOVER we’ve already alluded to and, in its simplest form, merely describes the process of restoring critical data from earlier backups.
The unfortunate truth, though, is that in most cases fewer than half of these phases are completed.
Today, most skip IDENTIFY, going straight to PROTECT but crucially missing DETECT and RESPOND, resulting, almost without exception, in a security posture which, at best, gets some things right by accident and, at worst, represents wasted investment in technologies which will be wholly ineffective in safeguarding your data when the time comes.
If nothing is invested in IDENTIFYING the risks and appropriate mitigations, how can we possibly select and implement effective PROTECTIONS?
In the same vein, we know that no protections are perfect and that hackers work tirelessly (and sadly very successfully) to find new ways to circumvent them. So, if you’re not employing technologies which assume you’ve been hacked, monitor for indicators you’ve been compromised, and alert you in the event you are breached, how will you ever know?
Then, once a breach is detected, you must have the ability to RESPOND. Without such capability, you’re left in a position where you know you’ve been hacked, but have no idea how to investigate, secure the breached system(s), and learn how best to enhance your security to prevent a repeat.
When it comes to cybersecurity, the saying goes: “You need to get it right every single time…The criminals only need to get it right once.”
If you’re worried your security might not be up to scratch and would like to take advantage of a free assessment, reach out to FORTIFIED today.
Don’t get hacked… Get FORTIFIED…!!!