securitylinkindia

How Enterprises Can Protect Their Digital Assets in 2022

Prashanth G J, CEO of TechnoBind

Today, almost everything you need to run and manage in an organization is stored online. From digitally preserved company processes, customer, client and partnership data, to your website, login credentials, company emails, team messages, saved conference calls, social media accounts, advertising campaigns, and product and service manuals, every byte of data that is generated within your organization is your digital asset. Investors value digital assets because they increase a company’s overall worth. Companies can claim expenses and tax deductions against their digital assets because they can be sold separately. They are just as valuable to a company as physical assets, and businesses must take the same precautions to protect digital assets as they would for physical assets.

Client and partnership information, login details, business emails, digital chat messages, recorded conference calls, email lists, social media profiles, website content, and more are all considered digital assets. By 2024, the worldwide digital asset management industry will have grown to $8.1 billion. To preserve their critical information and brand, businesses must ensure that their digital assets are safe and secure.

Where to start

Protecting digital assets starts with studying the company and creating a thorough inventory of what it possesses, and what it might have; nothing that could be a valuable asset should be ignored. Start by identifying all of the digital assets the company owns. This stage is crucial because many business owners are unaware of what their company’s digital assets include. Organizations will be able to develop a robust system to secure their digital assets after going through all of these processes and having a comprehensive grasp of their company’s digital assets and intrinsic value.

Here are a few steps and practices that enterprises can adopt to protect their digital assets:

Locate and list: Not all forms of data are vital, so organizations need to segregate and prioritize their data. A data asset is something that a business can use to create revenue in the future. Images, digital content, social media, apps, proprietary processes, customer databases, proprietary information, and any organization material or intellectual property protected by copyright, trademark, or patent are all examples of digital assets. Among these, digital properties such as customer databases, proprietary information, transactions and interactions are crucial and are the ones that help a company generate income. Organizations can begin by making a comprehensive list of all of these assets. Segregate the data assets by asking: which would you want or consider valuable if you were buying this company? For example, think of anything that the company has online or on its business server that could be valuable. Look for things that are proprietary and things that are important for the company to run. Consider these digital assets as crucial items.

Protect your network and stay updated: Most firms today rely heavily on their networks. To secure the safety of the company’s digital assets, you must adopt professional network security measures. The most prevalent approach for hackers to obtain access to a company’s digital assets is through security flaws and vulnerabilities. Ensure that the firewall is turned on and that the firmware and software are up to date. Companies should make a habit of updating their operating system and other programmes.

Limit access and use secure authentication: Not everyone in an organization requires complete access to all digital assets and applications. Limit application access to only those team members who require it.
Organizations can also choose who can see, edit, or download digital assets by setting permissions in certain programmes. For remote workforces, organizations can use a password manager programme to store encrypted passwords online to keep such applications secure. In addition to limiting and restricting access, organizations can use secure authentication, such as two-factor authentication (2FA), to offer an extra degree of security. With 2FA in place, a hacker who gains access to an employee’s password will be unable to access the company’s digital assets. After entering the password, the user is asked to answer a question or enter a second one-time password, which is often given by text message, to validate the user’s identity.

Educating employees: Employee education is also important for safeguarding your company’s digital assets. Ensure your employees are familiar with cybersecurity best practices, such as what to do and what not to do when using public Wi-Fi, utilizing their devices, and accessing specific applications.

Data backup & data encryption: Copying files and data to a secondary location is known as data backup. A robust disaster recovery plan relies heavily on data backup. Companies that do not back up their data are often in jeopardy from software or hardware errors, data corruption, malicious hacking, user negligence, natural disasters, or other unpredictable circumstances. Backups allow you to recover files that have been lost, erased, or rewritten. Backups can be archived locally on hard drives or storage devices, remotely at another physical location, or on the cloud. This cloud infrastructure could be public, private, or hybrid. Whether data is in transit or at rest, it is always vulnerable. To keep data safe while in transit, encrypt it before uploading it. Authenticate the endpoints before decrypting and verifying the data at its destination. You must use security access policies to secure data at rest.
Control who has access to the data, what data is accessible, and where it is stored safely.

Taking cyber insurance into consideration: Cyber insurance can help businesses safeguard their digital assets from cyber threats. It can help companies cover the cost of disaster management and legal expenses, along with the amount spent restoring the network in the event of ransomware attacks. When it comes to recovering from a hack, cyber insurance might make all the difference.

Addressing the bottom-line

Knowing how to safeguard digital assets in the short and long term is critical to your company’s overall value…


Cybersecurity Research: 76% of Organizations Admit to Paying Ransomware Criminals, with One-Third Still Unable to Recover Data

Businesses are losing the battle when it comes to defending against ransomware attacks, according to the Veeam® 2022 Ransomware Trends Report, which found that 72% of organizations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom. Veeam Software, the leading company in backup, recovery and data management solutions that deliver Modern Data Protection, found that 80% of successful attacks targeted known vulnerabilities – reinforcing the importance of patching and upgrading software. Almost all attackers attempted to destroy backup repositories to disable the victim’s ability to recover without paying the ransom.

The Veeam 2022 Ransomware Trends Report reveals the results of an independent research firm that surveyed 1,000 IT leaders whose organizations had been successfully attacked by ransomware at least once during the past 12 months, making it one of the largest reports of its kind. The first-of-its-kind study examines the key learnings from these incidents, their impact on IT environments and the steps taken to implement Modern Data Protection strategies that ensure business continuity moving forward. The research project specifically surveyed four IT personas (CISOs, Security Professionals, Backup Administrators and IT Operations) to understand cyber-preparedness alignment across organizations.

“Ransomware has democratized data theft and requires a collaborative doubling down from organizations across every industry to maximize their ability to remediate and recover without paying the ransom,” said Danny Allan, CTO at Veeam. “Paying cybercriminals to restore data is not a data protection strategy.
There is no guarantee of recovering data, the risks of reputational damage and loss of customer confidence are high, and most importantly, this feeds a self-fulfilling prophecy that rewards criminal activity.”

Paying the ransom is not a recovery strategy

Of the organizations surveyed, the majority (76%) of cyber-victims paid the ransom to end an attack and recover data. Unfortunately, while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data – resulting in a one out of three chance that paying the ransom still leads to no data. It is notable that 19% of organizations did not pay the ransom because they were able to recover their own data. This is what the remaining 81% of cyber-victims must aspire to – recovering data without paying the ransom.

“One of the hallmarks of a strong Modern Data Protection strategy is a commitment to a clear policy that the organization will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks,” added Allan. “Despite the pervasive and inevitable threat of ransomware, the narrative that businesses are helpless in the face of it is not an accurate one. Educate employees and ensure they practice impeccable digital hygiene; regularly conduct rigorous tests of your data protection solutions and protocols; and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios.”

Prevention requires diligence from both IT and users

The ‘attack surface’ for criminals is diverse. Cyber-villains most often first gained access to production environments through errant users clicking malicious links, visiting unsecure websites or engaging with phishing emails – again exposing the avoidable nature of many incidents. After having successfully gained access to the environment, there was very little difference in the infection rates between data center servers, remote office platforms and cloud-hosted servers.
In most cases, the intruders took advantage of known vulnerabilities, including common operating systems and hypervisors, as well as NAS platforms and database servers, leaving no stone unturned and exploiting any unpatched or outdated software that they could find. It is notable that significantly higher infection rates were reported by Security Professionals and Backup Administrators, compared with IT Operations or CISOs, implying that “those closer to the problem see even more of the issues.”

Remediation starts with immutability

Respondents to the survey confirmed that 94% of attackers attempted to destroy backup repositories and in 72% of cases this strategy was at least partially successful. This removal of an organization’s recovery lifeline is a popular attack strategy as it increases the likelihood that victims would have no other choice than to pay the ransom. The only way to protect against this scenario is to have at least one immutable or air-gapped tier within the data protection framework – which 95% of those we surveyed stated they now have. In fact, many organizations reported having some level of immutability or air-gap media in more than one tier of their disk, cloud and tape strategy.

Other key findings from the Veeam 2022 Ransomware Trends Report include:

Orchestration matters: To proactively ensure recoverability of their systems, one in six (16%) IT teams automate the validation and recoverability of their backups to ensure their servers are restorable. Then, during remediation of a ransomware attack, 46% of respondents use an isolated ‘sandbox’ or staging/test area to ensure their restored data is clean prior to reintroducing the systems into production.

Organization alignment must unify: 81% believe their organizations’ cyber and business continuity/disaster recovery strategies are aligned. However, 52% of respondents believe the interactions between these teams require improvement.

Diversifying the repositories holds the key: Nearly all (95%) organizations have at least one immutable or air-gapped data protection tier: 74% use cloud repositories that offer immutability; 67% use on-premises disk repositories with immutability or locking; and 22% use tape that is air-gapped. Immutable or not, organizations noted that in addition to disk repositories, 45% of production data is still stored on tape and 62% goes into a cloud at some point in their data lifecycle.
