Cyberattacks Are a War We'll Never Win, but We Can Defend Ourselves

Dish Network. Uber. The data networks of several major US airports.

These are only three examples of organizations targeted by cyberattacks — a scourge seemingly as constant as it is inevitable. Data networks are the basic plumbing of modern life, which is why the bad guys are continually devising new ways to seize or freeze networks, or hold them hostage for ransom. Over the next two years, according to a recent survey, security executives expect an increase in attacks as cybercriminals and other bad actors become even more prolific.

As a long-time information technology executive, I've come to a basic realization: The cybersecurity war will never end: It will be an endless series of battles. We'll win some and we'll lose some. The level of the losses may be within our control. But giving ourselves a chance in this fight means acknowledging that yesterday's successful defensive tactics may already be obsolete. We must continue to innovate.

Data has never been more valuable or more vulnerable than it is today. Ransomware has evolved from taking data hostage to new and malicious ways of monetizing and exploiting businesses and personal data.

But whatever the motivation of an attacker — hackers showing their prowess, hostile governments attacking perceived enemies, criminal greed — the key to being a guardian of one's data is recognizing that security must be built into a data system, not bolted on.

Finger-Pointing Is Pointless

Built-in security is more than technology. It needs to be part of an organization's culture. I say this even while recognizing that no matter what precautions a company or organization might take, its data network is essentially Swiss cheese. Every employee with an iPhone or a laptop is potentially a hole in the system for external bad actors, even in the most innocent of cases. And of course, a disgruntled employee seeking revenge can pose an internal threat.

But cybersecurity isn't the responsibility only of network operators. Every camera, printer, router, scanner, forklift, coffee pot, or toy — everything and anything with software or firmware in it — should be built securely. The same organizations that take extra measures to ensure their products don't expose customers to health and safety should not be allowed to cut corners and ship products that expose their customers to cyber-risk.

Only by developing a culture that understands cyberattacks are inevitable can an organization hope to ensure an orchestrated team response from the get-go. That includes having a well-practiced recovery plan in place — as well as a communications plan for keeping customers, partners, regulators and the public informed about the situation.

After all, security breaches are not a problem only for the company or organization attacked. As the customers of the TV and mobile phone service provider Dish Network found out earlier this year, the risks involve everyone whose proprietary or personal data may be exposed.

Clean Backups Are Crucial

If you can restore your data crown jewels — the information most critical to your operation, whatever it involves — you have your best chance of resuming normal business. But that depends on having a tested, clean backup.

Organizations take various approaches to backing up their data as part of recovery preparedness. Too often, though, there's a false sense of security. Your data backup software must be able to ensure that whatever data your system is backing up has not been compromised. It's imperative to ensure that your backups are "clean." That means the backup tools, as they make each archived copy of the entire enterprise's data, have been scanned for anomalies or other signs of malicious activity, and any potential threats removed.

That way, if there is malicious intent, the enterprise can quickly revert to a pre-attack state from a clean-data backup without risk of reinfection. This ensures there are no "sleeper cells" still lingering that could ultimately recontaminate the data environments.

Innovation Is Constant, on Both Sides

No business is impenetrable. And no single cybersecurity solution can fully protect any modern data-intensive organization.

That's why you need to build security into your data protection strategy. Ideally, it's a multilayered approach — not only the ability to bounce back and recover post-attack, but also having early warning signals before your data is compromised.

One of the most promising security innovations I've seen in recent years is deception technology — an approach that populates a network with potentially hundreds of decoys that appear to bad actors as legitimate business assets, setting trip wires across your network.

Whatever the specific methods employed, the more hurdles and distractions to intruders are put in place, the more time a business has to detect and respond to intruders.

Cyberattacks are inevitable. The only true defense is to recognize that fact and take a proactive approach to security — building it not only into the data network, but into the organization's philosophy and culture. We can't necessarily win this war. But we can defend ourselves.