Ransomware or cyberattack? Am I Secure?
It’s hard to read or watch or listen to any news source without seeing a story about ‘ransomware’ or ‘cyberattack’. Are you secure?
Hint: This is the wrong question.
We think that workstation protection is the ‘less important’ end of the spectrum when it comes to protection and security.
Kesem thinks of security as just one component of ‘protection’ rather than an end in itself. Protection is a far more encompassing concept than just ‘security.’ Yes, you absolutely need workstation protection in the form of ant-virus, anti-malware and web-inspection software. Yes you need local security. But you need more as well.
What you really need is to be is ready.
What we’re talking about is a multi-pillar approach to prevent bad things from happening to your computer and your data. While we cannot prevent the impact of an attack that’s truly new, we can mitigate it, minimize, or eliminate the negative effect on your business. In the case of a ‘re-used’ exploit, we can minimize the potential impact as well.
You need to develop and implement a four pillar approach to security for your business:
• operational stability
• preservation, and
These pertain to not just one aspect of your technology resources, but to all of them.
The ‘myth’ of total security is dispelled in one sentence:
By definition, anti-virus software protects you against threats that are already known, or threats that ‘look like’ one that is already known. There’s nothing, absolutely nothing, in the realm of computer security that prevents the attack that’s never been seen. So, readiness along with protection is a better way to conceive of what you should be trying to achieve.
• First, one needs security against known threats and that security comes in the form of its own multi-layered approach.
• Next, you want to achieve operational stability, or predictability and reliability. These are all key elements of having computers and systems that help you run your business smoothly and avoid getting caught up in the spiral of reduced production and increased costs.
• Beyond that, data preservation is a critical factor in protection. There’s tons of reasons to preserve data. The legal requirement to keep business records for seven years is one easy example that leaps to my mind.. This can be a somewhat broader discussion than just ‘data.’
For example, in considering data preservation, you might think about document management, or structured document storage methodologies. None the less we find it useful to consider ‘data preservation’ because it fits into whatever your current paradigm is, and makes you think about other aspects of your business that aren’t necessarily digitized or fully automated.
• Finally, there’s recoverability. Even if the other three pillars are in place and regardless of efforts you take to accommodate or consider them, your overall strategy needs to include recoverability. In the event of some type of breach or corruption or disaster, one has to be able to recover and get running again. How that happens, what methods you use, and what the costs are, are all based on ‘time to recovery.’
In future articles, we’ll cover how to be ready with these four pillars of protection. We’ll discuss the issues around them that drive costs. And we’ll offer some suggestions on how to think about these issues.