Improving resiliency and assuring high availability isn’t a new idea, but what agencies really need to do now is establish cyber resiliency, advises Veeam’s Jeff Reichard.
“Cyber resiliency is designed to deal with an active adversary not just with a power failure or with something like a storm or a natural event,” said Reichard, vice president for public sector and compliance strategy at Veeam Government Solutions, in an interview with Federal News Network.
Of course, it takes into account some of the typical things that people expect from a resilient organization, he said, noting continuity of operations, high availability, multiple backups and replicating workloads, as a few examples.
Taking an offensive cyber posture
A critical difference is that organizations need to be on the offense, not the defense, because most are under continual attack from bad actors, Reichard said.
“It’s no longer enough to set up a defense — or in the case of backup and replication, set up your backups or set up your alternate site — and figure that your work is done,” he said. “Defense now and cyber resiliency now requires the same kind of ongoing attention and creativity and constant vigilance that we typically think of for things like offensive operations.”
Veeam’s own research underscores this need, Reichard said. Its 2022 Data Protection Trends Report found that for public sector respondents, cybersecurity incidents were deemed not only the “most impactful,” but they were also the most common cause of outages.
It shouldn’t really come as a surprise, he added, given that both criminals and adversary nation states continually threaten and attack federal systems.
Offensive protection in hybrid environments
The attack surfaces at agencies, as well as the cyberattacks on those surfaces, accelerated with the COVID-19 pandemic as agencies dispensed with network perimeters and began supporting users at thousands of disparate locations simultaneously. Today, as agencies adjust to a new normal supporting on-premise, cloud and edge computing 24/7, they have to take this offensive posture, Reichard advised.
Attacks happen across all three environments, so security efforts must cover all three as well, he said, and relying solely on baseline security in products and cloud services is just a start.
Organizations must layer in all the protections to ensure continuity but also provide continuous monitoring. That’s necessary to make sure that as an organization’s hybrid environment adapts and adjusts to support workforce and mission demands, its data remains protected and readily available, Reichard said.
Beyond the ‘3 2 1 Rule’
Typically, IT teams have applied the “3 2 1 Rule” when it comes to backup and workload replication — meaning three copies of data, stored on two types of media, with one copy offsite.
That’s not enough anymore, Reichard said. Here’s why: Given the nature of today’s attacks, an organization must assume that a threat actor has been on its network for some time, has compromised the administrative credentials and possibly can delete all three data copies.
“One or more of those backup copies need to be secured in such a way that even an adversary who has compromised admin credentials can’t delete it. … That kind of capability is really, really critical now,” he said. What’s more, agencies must also be able to use that backup data for “secondary purposes, like patch testing or digital forensics — in the case that you do have a security incident.”