The information age is a double-edged sword. It is responsible for incredible advancements in collective human endeavour. We are more connected than ever, and those connections are faster and increasingly more immediate.
It has facilitated the production of more sophisticated visual effects – by enabling geographically-distributed teams of artists to collaborate in realtime – and has made it easier to convey content from producer to consumer. But that same technology has also made it easier for those seeking to gain advantage by exploiting others. Hidden in the digital web of interconnections are people intent on stealing your content or holding you to ransom in return for payment. This is a game that will never be finished.
I was once told by an industry insider that “the only really secure way to keep your data safe is to put it into a box with no electronic connections and guarded by sentries.” That’s not perfect either because humans are fallible, but still better because the exploiters would need to physically travel to that box. It is doubtful that anyone really wants to give up the benefits of the information age and revert to carrying information around in a guarded box. We need digital sentries and multiple lines of defense.
The COVID pandemic was, and is, a disruptor. Regardless of whether people return to working from the office in the long run or not, it showed us that people could work from home. For many, it normalised a way of working that was an inevitable outcome of the information age.
There has been a commensurate rise in software as a service (SaaS) and platform as a service (PaaS), hosted in third-party cloud environments. Combined, this has increased the attack surface for cyber-attack and ransomware. There are simply many more moving parts when teams and services are distributed, requiring greater vigilance and oversight.
Cybercrime is on the rise, forcing industry and governments to respond with updated control frameworks and standards (such as the MPA February 2022 update, CDSA App and Cloud, ISO/IEC 27001:2022) and increased requirements for auditing and compliance. Governments are investing in policies, frameworks and bodies to assist industry by raising awareness and preparing themselves (such as the Australian Government National Plan to Combat Cybercrime, and the United States’
Executive Order on Improving the Nation’s Cybersecurity).
Nearly every business that seeks to protect itself from cybercrime must place trust in others. It is simply not possible to understand how every bit of technology works, nor to thoroughly assess every possible entry vector to quantify future risks. If it were, we should never have seen the issues that affected many with SolarWinds or Log4J and other similar exploits. Poor software design and construction practices also contribute to systems that can be more readily exploited.
Attacks are challenging to eliminate, and enterprises must assume that attacks will happen at some time. A business can protect against the effects of cybercrime by ensuring there are redundant and air-gapped copies of data. When an attack occurs, critical data can be reinstated from copies that could never be reached through digital means. Recovery is often non-trivial, and the time to restore can still negatively impact business operations.
Cybersecurity is not an IT problem – it’s a whole of business and whole of economy problem, and we need to address the weaknesses with processes and technology at a rate that evolves at the same pace as the crime.
We need better technology. Most of today’s technologies are based on approaches developed decades ago. Rather than simply serially plugging each hole that arises, a fundamental paradigm shift is needed to ensure systems are more resilient to cybercrime – designed for resilience from the beginning. This will require technology vendors to think outside of the square, and for consumers to be informed to ask: how does your technology minimise the risk of cybercrime and how did you achieve that?
We will need to change our processes to reduce risk. For example, email is an excellent vector for the delivery of exploits – we might need to forego untrusted email as a method of communication in favour of closed and trusted systems. Email is just one method of communication. A risk assessment should be conducted for all forms of communication to understand how cybercriminals can exploit them and, where possible, seek more robust alternatives.
We know that the humble home letterbox is a vector for identity theft. Similarly, the more we leave data on different systems, the greater the risk of theft and exploitation. We should minimise our exposure by ensuring data lives in a location only for as long as required and no longer, and we should be very clear on who has access to what data and when.
Metadata is key to setting the context and tracking the use of data, particularly across distributed systems. It identifies who, how and when data should be used. Data management systems can use it to direct data only to intended recipients and record the entire chain of custody. Metadata can record normal patterns of use so that
abnormal patterns can be quickly identified and dealt with. It can drive the data lifecycle to ensure critical data is constantly archived and backed up, increasing resilience in the event of an attack by minimising the window for potential loss. Metadata can be used to control the lifetime of data in any given location. In short, metadata and automation are key enablers to being in
control of your data and minimising the attack surface in complex systems and workflows. And, with enough temporal metadata, we can rewind the clock to any point in time.
Arcitecta and Dell Technologies are addressing the issue of ransomware with solutions that place cybercrime at the core of systems design with multiple lines of defense. Arcitecta’s pioneering metadata and data orchestration tools and Dell Technologies powerful, industry-trusted infrastructure enable a globally-distributed edge that stays simple, performant and resilient, no matter the complexity of your workflows.
Jason Lohrey is the CTO of Arcitecta (www.arcitecta.com), which has created its own comprehensive data management platform called Mediaflux.