Cyber Security in an all-digital world

By Effendy Ibrahim, VP, Asia & Japan, Veeam Software

Effendy Ibrahim, VP, Asia & Japan, Veeam Software

It’s no secret that we’re living in a digital-first world. According to a report by IDC, two-thirds of the CEOs of Global 2000 companies will have digital transformation at the center of their corporate strategy by the end of 2017. Digital transformation isn’t just a trend; it’s changing how we interact with banks, service providers, and the government. It is leading industries and organisations to refocus and deliver towards the needs of today’s highly connected world. Spring Singapore, a government agency responsible to help local enterprises grow, has supported 120 food service companies in adopting digital service solutions in just the first five months of 2015. Since then, the number has grown and will continue to rise.

As connectivity has become ubiquitous, consumers, employees, and partners expect that almost every experience will have a digital component. We’re living in the App Age. Today, apps track golf swings (and recommend ways to improve shot performance), as well as give tips to brew the perfect cup of coffee based on personal preference. Digital services help in monitoring the spread of infectious diseases, track criminal activity, and movements of motor vehicles to collectively enable the government to provide a safe, clean, and efficient environment for its citizenry.

“Creating a solid business continuity plan depends on conducting regular data backups, along with verifying the integrity of those backups and securing them”

This shift toward digital transformation is a long-term process that will span years, and will leverage digital technologies to increase efficiencies.

However, the trade-off between convenience and security may inadvertently expose forward-thinking governments to a broader range of vulnerabilities.

The stakes are getting higher for all as cyber threats have an increased capacity to interrupt a world that prioritises digital interactions. According to a recent report by Trend Micro, 2016 represented a record year for enterprise breaches. Asia-Pacific bore the brunt of cyberattacks with the highest number of attempted threats across different forms, especially for online banking malware and ransomware. 2016 also saw distributed denial-of-service (DDoS) attacks gaining traction worldwide, with breaches turning unsecured Internet of Things (IoT) devices into zombie bots.

Singapore’s telco infrastructure experienced its first DDoS attacks, unprecedented in scale, nature, and complexity. Arising from malware-infected routers and webcams, the attacks caused temporary downtime and brand damage, forcing some of local telco Starhub’s home broadband users offline. In addition, our neighbours in Australia experienced a nation-wide crisis when their eCensus was hit by a major DDoS attack, preventing thousands of Australians from taking part in the census. Additionally, the attack led to a hardware failure, the overload of a router, and a false alarm about the attack, causing a total downtime of 43 hours and significant embarrassment for the Australian government, prompting outcries from citizens and the opposition.

While the tools used may evolve over time, the strategy to combat these threats remains focused on two main areas: prevention and creation of solid business continuity plans. Prevention efforts focus on careful treatment of privileged accounts and control of permissions, ensuring regularly updated antivirus and anti-malware scans and awareness training for employees. While prevention remains paramount, the creation of a solid business continuity plan will grow in importance in an all-digital world, where everyone will rely on and expect 24.7.365 availability of data and services.

Creating a solid business continuity plan depends on conducting regular data backups, along with verifying the integrity of those backups and securing them by ensuring they are disconnected from the computers and networks they are securing. The timeless rule for failure scenarios is the 3-2-1 backup rule–3 copies of the company data should be saved on 2 different media and 1 copy should be offsite. The “1” in the 3-2-1 rule continues to play an important role especially in an all-digital world as it does not allow for direct data access, providing protection against ransomware.

Even as organisations improve their cyber security plans, a balance needs to be struck between protection and business continuity. Without constant availability to data and services, downtimes caused by cyberattacks will have repercussions beyond simple inconvenience.

Based in Sydney, Australia, Veeam offers solutions that deliver availability for the Always-On Enterprise. The company was founded in 2006 and has 45,000 ProPartners and over 230,000 customers across the globe.