Through a combination of holistic, proactive data and identity security management, organizations will be better placed to thwart cyberattackers.
As cyberattacks continue to increase worldwide, business leaders are coming to the realization that it truly is a matter of ‘when’, not ‘if’, their organizations will be breached.
In response to these growing threats, CIOs and CISOs can plan to increase cybersecurity spend in 2024. However, a shift in mindset is needed as to how this money is spent if organizations are to ensure cyber resilience.
Rather than continue to focus solely on their perimeter defenses, organizations should adopt an ‘assumed breach’ security posture.
The ‘assumed breach’ posture
While perimeter defenses are important, they are not foolproof.
An assumed breach mindset means understanding that motivated attackers will get through perimeter defenses. As such, more focus is given to ensuring business critical data can be rapidly recovered following an attack.
In doing so, an organization will be in a better position to recover, as it will have sufficiently prepared its teams for such disruptions. Data security should be prioritized proactively as part of a holistic cybersecurity strategy, rather than addressed only after a breach has occurred.
Adopting an assumed-breach posture requires several steps:
Enabling a zero trust data security model
A zero trust model is the first step. The model assumes no implicit trust and grants each verified user the least privilege needed to access the information they are assigned, and nothing more. Through this model, organizations can significantly reduce the impact of a breach. For example, it minimizes an attacker’s ability to move laterally through the network even when user credentials have fallen into attackers’ hands. Most importantly, the zero trust approach ensures that critical data backups remain out of the hands of malicious actors so that data copies can always be relied on to restore operations.
Prioritizing recovery of data through digital solutions
Increasingly, cybercriminals have set their sights on compromising backups, as doing so severely hamstrings the victim’s ability to recover on their own. Cybercriminals understand that with an organization’s backup out of the equation, the victim will be left helpless and more likely to pay the ransom to maintain business continuity. Even then, there is no guarantee of closure, as cybercriminals have been known to renege on their word.
To avoid such a scenario, organizations need to protect their critical data with air-gapped, immutable, and access-controlled backups. Not only does this help improve the organization’s cyber resilience, it can also transform backups into a proactive weapon against attackers. How?
Regular threat hunting exercises within backup systems can help quickly detect indicators of compromise and reduce the blast radius of an attack. By identifying which data has been compromised, organizations can remove the problem at its root, ensuring they are not recovering from a compromised copy. Further, AI and ML models can be run against backup data to identify any sensitive data that is incorrectly stored, so that the appropriate security measures can be put in place.
Ultimately, cyber resilience is more than just prevention. It is also about rapid recovery and ensuring that when (not if) an attack occurs, it is a relatively minor inconvenience rather than a catastrophic incident.
The sooner an organization realizes that adopting an assumed-breach posture will help it achieve cyber resilience, the less it will fear cyberattacks.