As the world transitions online, cyber threats have increased dramatically. Ransomware seems to have capitalised the most. In the last few months, a slew of organisations from different countries had to deal with increasingly sophisticated ransomware attacks.
Given the vast amounts of data being produced, especially in the COVID-19 era, backups are critical as they offer a fallback in the event of a cyber breach. But having more comprehensive, robust data protection strategies is the need of the hour.
In the increasingly volatile, uncertain, complex, and ambiguous (VUCA) environment, organisations should be covered 24/7, year-round. They need systems that offer multi-protocol support for the vast amount of data they have and ones that can deliver results at an unprecedented speed. Platforms need to be designed to be fully customisable and easy to deploy for the best user experience so users must be able to expand and upgrade it conveniently and without disruption.
The solution must have the capability to protect saved data and must also backup metadata by creating a secure copy that ransomware cannot eradicate, modify or encrypt even with admin credentials. The good news is that there are a plethora of ways for a business to meet their Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) from snapshots to mirroring.
This was the focal point of the OpenGovLive! Virtual Breakfast Insight held on 7 July 2021. This session aimed to provide the latest information on prioritising data backup to defend against ransomware threats, ensuring compliance and critical data availability.
This session served as a great peer-to-peer learning platform to gain insights and practical solutions to integrate cutting-edge tools and technologies for public sector communication and to scale these, as necessary.
Finding Partners to Recover Data
To kickstart the session, Mohit Sagar, Group Managing Director and Editor-in-Chief at OpenGov Asia delivered the opening address.
While the adoption of different technologies significantly increased during the pandemic, the solutions cannot be termed digital transformation as organisations, for the most part, deployed band-aid technologies and ad-hoc platforms to stay afloat.
When the pandemic started, people thought that cybercrime would also slow down. Contrarily, cyber actors used the pandemic as an opportunity to increase attacks taking advantage of the remote working models in place.
In this context, it is important to have robust data protection as well as cybersecurity, including safeguards from possible ransomware attacks. However, government agencies also need to focus on enhancing citizen experience and provide them with simplified and personalised services.
Pushed by COVID-driven needs and used to private sector delivery quality, citizens expect services at an unprecedented level. The open market offers not only a wide variety of options but the ease of business and efficient service. The benchmark of personalised customer experience has been set by retail outlets that utilise a plethora of cutting edge solutions. As a result, people have become even more demanding about what they want and have expectations of how it should be provided.
In perspective, though, while personalisation is a critical part of delivering the best experience for citizens, it does make agencies more vulnerable to cyberattacks.
Instead of merely focusing on the security aspect, Mohit suggests, organisations should concentrate on data recovery if data gets taken away.
Mohit emphasised the importance of partnership in securing and recovering data. Finding the right partners is paramount in recovering agencies’ critical data. Having competent partners who can focus on the data protection, data recovery and compliance needs against ransomware threats, allows agencies to focus on their main tasks and key deliverables.
Modernising Data Protection and Data Recovery
The delegates next heard from Sunil Chavan, Vice President- Emerging Technology Solution Sales, APJ, Pure Storage who discussed how ransomware impacts data management strategy.
Ransomware is now a national security issue for countries around the world evidenced by the many recent ransomware attacks. Most recently a backup software company was attacked by ransomware. Even a company that is supposed to help customers to manage their backup can also be a victim of a ransomware attack. This incident highlights the fact that no organisation is immune to ransomware.
Such cyberattacks are a serious problem that impacts a lot of people and organisations. Ransomware threats can affect any system simply and quietly. A survey shows that in May 2021, Asia Pacific experienced a 168% increase in cyber attacks and the vast majority of those attacks are ransomware.
In the financial industry, the global financial sector takes on average 177 days to identify a breach and another 56 days to contain the breach. Ransomware and destructive malware breaches cost more than the average malicious attack. The average cost for malicious attacks that destroyed data in destructive/wiper-style attacks is US$ 4.52 million while the cost for ransomware attacks is US$ 4.44 million.
In dealing with ransomware, the main issue is not what the agencies can do before the attacks, but how to recover data once the agency is attacked by ransomware. Recovering data quickly requires agencies to modernise current data protection.
Pure Storage has a feature called SafeMode to store data safely and when data are locked due to ransomware, agencies can take the safe copy and recover the business quickly. This mode enables organisations to lock down data from malicious attacks. It creates read-only snapshots of backup data and associated metadata catalogues. Their snapshots cannot be deleted, encrypted or modified.
Numerous governments have pledged that they will not pay ransom to the cyber actors. Hence, agencies need to make everything back to normal so citizens will not suffer the consequences of not being able to access the services.
Pure Store offers four solutions to empower agencies:
- Activate modern analytics: Leverage more of agencies’ data to accelerate time-to-insight and support Artificial Intelligence (AI) initiatives
- Accelerate core applications: Enable rapid response times with enterprise resiliency and game-changing cost reduction
- Enable hybrid cloud: Design applications that take advantage of the agility and innovation of multiple clouds at the same time
- Modernise data protection: Deliver industry-leading availability while enabling comprehensive data protection across the enterprise.
In closing, Sunil shared that Pure Storage has been focusing on improving data protection activity and will continue to improve its services in the face of ransomware threats.
Technology Case Study
The next speaker Rachel Dixon, Privacy and Data Protection Deputy Commissioner at the Office of the Victorian Information Commission elaborated on risk-based frameworks as an efficient strategy to identify critical data.
Victoria is one of the first jurisdictions in the world that has legislated information security standards. As any organisation can be the victim of a ransomware attack, reducing the risk is essential to make the organisation less vulnerable. Rachel agreed that the importance of a risk-based framework to determine the most important data to protect in the face of ransomware attacks is critical.
For Rachel, the most fundamental aspect of data protection is to clearly understand the data and identify which data is critical. Hence, data assessment is necessary to figure out the amount of data, the place of the data, who has access to the data. All of the information about the data needs to go into an information asset register. Without it, the organisation will not know what data they lost once they get attacked.
Rachel reminded everyone that while data can be a great asset, it can also be a liability if it is not governed well. Agencies need to do a risk assessment on the data and figure out the impact to their agencies if the data gets compromised.
Rachel showed how the Victorian government assess the impact level of data:
- No business impact: Unofficial information refers to content that is not related to official work duties or functions.
- Minor: Information at this level refers to the majority of government information created, used or handled by the Victorian public sector. This may include content relating to routine business operations and services.
- Limited: Information at this level commonly includes sensitive material created, used or handled by the Victorian public sector. This may include content that has limitations restricting its use, disclosure or dissemination.
- Major: Only a small number of Victorian government organisations within Victoria should create, use, or handle information at this level. This may include content that would have major implications if breached, based on the particularly sensitive nature of the information
- Serious: Extremely limited number of Victorian government organisations within Victoria should create, use, or handle information at this level. Given the rare nature of this content, only information deemed to have serious implications if breached would be considered in this category. Information at this level will have strict access and dissemination restrictions due to serious risks associated with it.
- Exceptional: Victorian government organisations who will create, use, or handle information at this level will be extremely rare.
The security plan consists of three aspects – confidentiality, integrity, and availability. Besides doing a risk assessment, organisations can reduce risks by outsourcing high-risk online features such as payment to a third-party gateway.
In closing, Rachel reiterated that since ransomware attacks cannot be prevented fully, the best thing to do is to make their agencies less attractive targets than less prepared agencies.
Interactive Discussion
After the informative presentations, delegates participated in interactive discussions facilitated by polling questions. This activity is designed to provide live-audience interaction, promote engagement, hear real-life experiences and impart professional learning and development for participants.
The first question asked what the agencies’ most important IT priority was. Almost half of the delegates (48%) prioritised digital transformation and innovation. A little more than a quarter (28%) chose compliance with government legislation as their main focus. A quarter (24%) focused on improving efficiencies and reducing maintenance costs. Rachel emphasised the importance of a risk-based framework to make sure agencies pay attention to the most important thing.
The next query was on why digital transformation requires new IT strategies. A little more than two-thirds (76%) agreed that evolving business value is the main reason why new IT strategies are necessary. The remaining delegates were equally divided between new IT enablers (12%) and partnering for capabilities (12%) as the reason for the necessity of new IT strategies.
On the issue of the biggest challenge for their organisations when faced with a ransomware attack, delegates were evenly split between the long time required to recover data from backup (36%) and citizens’ confidence in the organisation (36%). A little more than a quarter (28%) chose compromised backup copy as their biggest challenge.
On being asked about the most important feature that the delegates expect from Kubernetes Data Services Platform, half (50%) chose elastic scalability and agility to run in the cloud, on-prem, and in hybrid/multi-cloud environments. The balance participants fell equally between data protection and data security (20%) and ease of migration across clusters, racks and clouds (20%).
The last question inquired about which infrastructure tech modernisation areas that agencies are investing in or planning to invest in support of digital transformation. Almost two-thirds (63%) have invested in or planned to invest in Data Services (protection, location optimisation, security and compliance, integration and orchestration) for hybrid cloud. Almost one-fifth (18%) chose converged or aggregated infrastructure. Only 14% chose the service approach and the remaining delegates (8%) chose ransomware protection.
Conclusion
The Virtual Breakfast Insight ended with the remarks from Catharina Hadiningtyas, Country Manager at Pure Storage. Catharina gave a recap of SafeMode as the feature that can help agencies to recover data quickly. This element can help agencies that are currently facing a problem of slow recovery.
She thanked everyone for actively participating in the discussion. The feedback from delegates gave Pure Storage insights on the challenges that Indonesian government agencies are currently facing and the priorities they are focusing on.
