ARN

How to protect and restore your data after a cyberattack

The pandemic has led to a wholesale shift in how we work. Working from home and hybrid work have become the new norms for many people. This shift has invited new digital vulnerabilities to the workplace.

Our research has found 94% of data breaches are a result of human error. For instance, an end user who accesses a less secure public network can expose their organisation to cyber threats. Threat actors have also changed how they target users. A common attack vector is phishing, in which a bad actor attempts to lure individuals through email. These emails usually contain enticing financial offers that can easily tempt many users to click on malicious links, creating an access point into a corporate network.

As cybercriminals continue to find and exploit the weakened security of many businesses, paying exorbitant ransoms has become commonplace. Paying a ransom demand may lead to the retrieval of encrypted files, but it creates a series of expectations for both businesses and cybercriminals. The more businesses succumb to the payment demands of cybercriminals, the more normalised this practice becomes.

According to the Australian Cybersecurity Commission, ransomware breaches are trending upwards. The commission is now seeing 1,500 breaches per month. The commission also estimates the pandemic has contributed to this trend. On average, there are approximately eight intrusions per day. These developments underscore why businesses need to take enhanced measures to improve their cyber resilience.

In the previous two articles, we focused on the importance of backup, endpoint protection and end-user education at the core of a business’s cyber resilience posture. In this article, we examine two important elements that contribute to the protection and restoration of your network in the event of a cyberattack, thereby increasing your cyber resilience.

Endpoint Protection Leveraging Threat Intelligence

The first element of boosting your security stack is having access to real-time threat intelligence. The BrightCloud® Threat Intelligence Platform is made up of 285+ million connected sensors spread across the internet. With its sixth generation machine learning technology, BrightCloud offers the real-time threat protection you need, powered by both machine learning and human observation. It is designed to detect polymorphic malware, which is malware unique to a single machine. 

A threat intelligence platform should always be up-to-date and offer the breadth and depth of real-time, contextual data that businesses need — especially for hybrid working settings. The BrightCloud® Threat Intelligence Platform goes one step further in an attempt to tackle zero-day threats by using machine learning to break down everything in its database into smaller hashes. If those small hashes are associated with malicious activity, users are informed.

At the end user level, these hashes inform scans on the user device. The scan takes about a minute through a lightweight endpoint agent (around four megabytes) without disrupting a user’s productivity or degrading the computer’s performance.

Identifying your Recovery Point Objective and Recovery Time Objective

The second critical element to consider when boosting your cyber resilience posture is maintaining your business continuity. Business continuity and disaster recovery (BCDR) focuses on an organisation’s ability to restore data when downtime strikes. Downtime could be caused by a malicious actor or a server failure. The key factors in BCDR are identifying your Recovery Point Objective (RPO) and your Recovery Time Objective (RTO).

With RPO, you’re looking at what you can afford to lose in terms of data. Some organisations have a 24-hour RPO. The more backups you have and the more regularly you take them, the lower your RPO will be. RTO is linked to RPO: it is the amount of time it takes to restore a system and get users back online. By understanding your RTO and RPO, you will be able to identify a BCDR approach that works for your organisation and increases its security posture.
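An added example (not from the original article or any vendor product) that checks achieved RPO and RTO against backup and restore-drill records. The log format, timestamps, drill durations and the two-hour RTO are constructed assumptions; the 24-hour RPO is the figure mentioned above.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from a real system): nightly backup job
# results and timed restore drills for one server.
BACKUP_LOG = """\
2024-03-01T01:00:00 backup OK
2024-03-02T01:00:00 backup OK
2024-03-03T01:00:00 backup FAILED
2024-03-04T01:00:00 backup OK
2024-03-05T01:00:00 backup OK
"""
RESTORE_DRILLS_MINUTES = [95, 140, 110]  # constructed: time to get users back online


def successful_backups(log):
    """Sorted timestamps of completed backups; a failed job restores nothing."""
    times = []
    for line in log.splitlines():
        stamp, _, status = line.split()
        if status == "OK":
            times.append(datetime.fromisoformat(stamp))
    if not times:
        raise ValueError("no successful backup: every byte is at risk")
    return sorted(times)


def worst_case_data_loss(log, now):
    """Longest gap between consecutive good backups, including the gap
    from the most recent one to `now` (data written since then is unprotected)."""
    points = successful_backups(log) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def check_objectives(log, drills_minutes, now, rpo, rto):
    """Compare worst-case exposure and slowest restore with the objectives."""
    loss = worst_case_data_loss(log, now)
    slowest = timedelta(minutes=max(drills_minutes))
    return {"worst_case_loss": loss, "rpo_met": loss <= rpo,
            "slowest_restore": slowest, "rto_met": slowest <= rto}


if __name__ == "__main__":
    report = check_objectives(BACKUP_LOG, RESTORE_DRILLS_MINUTES,
                              now=datetime(2024, 3, 5, 13, 0),
                              rpo=timedelta(hours=24),  # figure from the article
                              rto=timedelta(hours=2))   # assumed target
    for key, value in report.items():
        print(f"{key}: {value}")
```

A single failed nightly job doubles the exposure window in the sample data, which is why the check counts only successful backups and not the schedule.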

An offering such as Carbonite® Availability helps businesses meet their RPO and RTO objectives. It protects both Windows and Linux servers, replicating continuously to a target server, either local or in a co-location environment. Carbonite® Availability is agent-based and operates at a guest level on the host OS, giving users the ability to protect both virtual and physical instances. With Carbonite® Availability, if the primary system goes offline, the business can manually transfer to a destination environment or orchestrate it. If there’s a failure, it automatically brings up a target server.

When it comes to protecting and restoring your client’s data, don’t leave their critical and confidential business information to chance. Whether you’re looking to boost your client’s data recovery options or better protect their business from the latest threats, Carbonite + Webroot offer a suite of products and business solutions designed to improve your client’s cyber resilience and expand your service offerings that can help grow your business.
