The Office of the Director of National Intelligence website posted this message, “The Acting Director of the National Counterintelligence and Security Center has issued his letter of endorsement for the fourth annual National Insider Threat Awareness Month in September 2022. Please join us during September to emphasize the importance of safeguarding our nation by detecting, deterring, and mitigating insider threats…”
Don Boxley, CEO and Co-Founder of DH2i (www.dh2i.com), Surya Varanasi, CTO of StorCentric (www.storcentric.com), and Brian Dunagan, Vice President of Engineering, Retrospect, a StorCentric Company (www.retrospect.com), have offered their thoughts:
Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com):
“Over the past couple of years, work from home (WFH) has morphed into work from anywhere (WFA). While few would argue the horrors of the pandemic, WFA could be viewed as one small positive. Organizations and their employees have learned that we can work from virtually anywhere given the right circumstances. And by circumstances, I mean, support from leadership and the right technology.
Unfortunately, the WFA paradigm has also led to an exponential increase in cybersecurity attacks – not just from external cyber criminals but from malicious internal bad actors as well. And what makes the internal threat even more dangerous is that many of these bad actors are armed with knowledge of confidential internal security procedures, which adds to their ability to cause serious harm to your organization.
We saw quite a bit of this at the start of the pandemic when people were first sent home virtually overnight to work. Many organizations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. It became clear that VPNs simply were not designed or intended for the way we work today. Both external and internal bad actors could, were and are still exploiting inherent vulnerabilities in VPNs. Instead, forward-looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity – the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT, without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organizations can ensure safe, fast and easy network and data access, while slamming the door on potential cybercriminals.”
Surya Varanasi, CTO, StorCentric (www.storcentric.com):
“This September 2022 marks the fourth annual National Insider Threat Awareness month. It aims to shine a spotlight on the critical importance of defending against, detecting and mitigating damages from insider threats. Indeed, ransomware and other types of malicious malware attacks are not only perpetrated by external cybercriminals, but internal bad actors as well. And, the expense is not only measured in ransomware payments, but also the almost incalculable cost of operations downtime, lost revenue, legal fees, regulations compliance penalties, a rise in insurance premiums, and/or a loss of customer trust.
The need to back up data has become ubiquitous. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand the need to protect backed-up data by making it immutable and by eliminating any way that data can be deleted or corrupted.
What is required is an Unbreakable Backup solution that is able to create an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Additionally, the Unbreakable Backup solution should include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. Ideally, it should also deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. In deployment of such a solution, recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”
Brian Dunagan, Vice President of Engineering, Retrospect, a StorCentric Company (www.retrospect.com):
“During National Insider Threat Awareness month, we are reminded of the multitude of reasons a sound data backup strategy and proven solutions are critical. Given today’s economic and geopolitical climate, it is a given that at some point virtually all organizations will suffer a successful cyber-attack, be it from internal or external forces. Given this inevitability, it makes sense that the end customers I speak with, whether they are from private, public, or government organizations, are putting an increasing focus on their ability to detect and recover as quickly, cost-effectively and painlessly as possible.
A backup solution that includes anomaly detection to identify changes in an environment that warrant the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.
Certainly, the next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack. This is best accomplished with an immutable backup copy of data (a.k.a., object locking) which makes certain that the data backup cannot be altered or changed in any way.”