It’s safe to assume that we need to protect presidential election data, since it’s one of the most critical sets of information available. Not only does it ensure the legitimacy of elections and the democratic process, but also may contain personal information about voters. Given its value and sensitivity, it only makes sense that this data would be a target for cybercriminals looking for some notoriety – or a big ransom payment.
In 2016, more needed to be done to protect the election and its data from foreign interference and corruption. This year, both stringent cybersecurity and backup and recovery protocols should be implemented in anticipation of sophisticated foreign interference.
Cybersecurity professionals in government and the public sector should look to the corporate world and mimic – and if possible improve upon – the policies and procedures being applied to keep data safe. Particularly as voting systems become more digitized, the likelihood of IT issues increases, so it’s essential to have a data protection plan in place to account for these challenges and emerging cyber threats.
The risk of ransomware in 2020
Four years ago, ransomware attacks impacting election data were significantly less threatening. Today, however, the thought of cybercriminals holding election data hostage in exchange for a record-breaking sum of money sounds entirely plausible. A recent attack on Tyler Technologies, a software provider for local governments across the US, highlighted the concerns held across the nation and left many to wonder if the software providers in charge of presidential election data might suffer a similar fate.
Regardless of whether data is recoverable, ransomware attacks typically cause IT downtime as security teams attempt to prevent the attack from spreading. While this is the best practice to follow to contain the malware, the impacts of system downtime on the day of the election could be catastrophic. To combat this, government officials should look for solutions that offer continuous availability technology.
The best defense also integrates cybersecurity and data protection, as removing segmentation streamlines the process of detecting and responding to attacks, while simultaneously recovering systems and data. This will simplify the process for stressed-out government IT teams already tasked with dealing with the chaos of election day.
Developing a plan to protect the presidential election
While ransomware is a key concern, it isn’t the only threat that election data faces. The 2016 election revealed to what degree party election data could be interfered with. Now that we know the risks, we also know that focusing solely on cybersecurity without a backup plan in place isn’t enough to keep this critical data secure.
The first step to any successful data protection plan is a robust backup strategy. Since the databases or cloud platforms that compile voter data are likely to be big targets, government security pros should store copies of that data in multiple locations to reduce the chance that one attack takes down an entire system. Ideally, they should follow the 3-2-1 rule by keeping three copies of data, in two locations, with one offsite or in the cloud.
It’s also important to protect these backups with the same level of care as you would critical IT infrastructure. Backups are only helpful if they’re clean and easily accessible – particularly for a time-sensitive situation like the presidential election, it’s important to be able to recover backed-up data as quickly as possible. The last thing government officials need is missing or inaccessible votes on election day.
The need to protect this data doesn’t end when voting does, however. Government IT pros also must consider implementing a strategy for protecting stored voter data long-term. Compliance with data privacy regulations surrounding voter data is key to maintaining a fair democratic process, so they should make sure to consider any local regulations that may dictate how this data is stored and accessed. Protection that extends after the election will also be important for safeguarding against cyberattacks that might target this data down the line.
Not only could cyberattacks hold voter data hostage, they may also affect how quickly the results of the election can be determined. Voter data that is lost altogether might cause an entire election to be called a fraud. This would have a far-reaching impact on people across America, and our democratic process as a whole. Luckily, this is avoidable with a data protection and ransomware response plan that gets government officials prepared for when an attack happens.
42% of companies experienced a data loss event that resulted in downtime last year. That high number is likely caused by the fact that while nearly 90% are backing up the IT components they’re responsible for protecting, only 41% back up daily – leaving many businesses with gaps in the valuable data available for recovery.
In order to select an appropriate backup solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Oussama El-Hilali, CTO, Arcserve
Before selecting a backup solution, IT leaders must ask themselves where the majority of data generated by their organization resides. As SaaS-based collaboration and storage systems grow in popularity, it’s essential to choose a backup solution that can protect their IT environment.
Many people assume cloud platforms automatically back up their data, but this largely isn’t the case. They’ll need a solution with SaaS backup capabilities in place to safeguard against cyberattacks and IT outages.
To further prevent downtime, organizations should also consider backup solutions that offer continuous replication of data. That way, in case of unplanned outages, they can seamlessly fail over to a replica of their systems, applications and data to keep the organization up and running. This is also helpful in case of a ransomware attack or other data corruption – organizations can revert to a “known good” state of their data and pick up where they left off before the incident. Generally, all backup tools should provide redundancy by using the rule of three – have at least three copies of your data, store the copies on at least two different media types, and keep at least one of those copies offsite.
Finally, it’s important to weigh the pros and cons of on-prem versus cloud-based backups. Users should keep in mind that, in general, on-prem hardware is more susceptible to data loss in the event of a natural disaster. There’s no “one size fits all” solution for every organization, so it’s best to take a holistic look at your specific needs before you start looking for a solution – and continue to revisit and update the plan as your organization evolves.
Nathan Fouarge, VP Of Strategic Solutions, NovaStor
When looking for a backup solution for your business there are a number of questions to ask to narrow down the solutions you want to look at.
Here’s what you should be prepared to answer in order to select a backup solution for your business:
- How much downtime can you afford, or how fast do you need to be back up and running? In other words what is your restore time objective (RTO).
- How much data am I willing to lose? In other words what is your restore point objective (RPO). Are you willing to just take daily backups so you have the possibility to lose an entire days’ worth of work or do you need a solution that can do hourly or continuous backup?
- How long do I need to keep historical data? Do you have some compliancy requirements that makes you keep your data for a long time?
- How much data do you have to backup and what type of data/applications do you need to back up?
- How many copies of the data and where do you want to store it? Do you want to do the recommended 3-2-1 backup solution so 3 copies of the data. Do you want to keep all the backups locally, offsite(USB drive or replicated NAS), cloud?
- Then the ultimate question of how much you are willing to spend for a backup solution.
Once you have all of those questions answered then you can look into what solutions fit your into what you are looking for. More than likely once you start looking for solutions that fit your criteria you will have to reevaluate some of the answers to the questions above.
Konstantin Komarov, CEO, Paragon Software
The most important part is how you backup your data, not how you organize it. The key aim is to provide the safety regardless of whether you back up a single database or clone the entire system. The best practice and the most cost-effective way would be to implement “incremental backups” and replicate the data both to the local storage and to the cloud.
Incremental backup is an approach when replication is performed only to some updated part of the system or database, not the entire one. This enables to shorten the time of the backup process and amount of storage space used. Replication to both the local storage and to the cloud may guaranty the best safety of your data in case the physical disk you are baking the data up to is damaged or lost.
However, to make the backup effective and non-stop, it needs to be scheduled and managed with an application deployed on some dedicated end-point which should work side-by-side with your IT infrastructure not to slow down or prevent the entire system. So, the best decision would be to build up your own backup, using open cloud backup platforms, which consists of the ready-to-go algorithm and tools to create a solution fully adjusted to the needs of a particular business.
Ahin Thomas, VP, Backblaze
When choosing a backup solution for your business, consider three factors: optimize for remote first, sync vs. backup, and recovery.
As businesses grow, implementing a strong backup strategy is challenging, especially when access to employees can change at a moment’s notice. That’s why it’s important to have a backup solution that is easy to deploy and requires little to no interfacing with employees—your COVID-stressed IT team will thank you.
Secondly, Dropbox and Google Drive folders are not backup solutions. They require users to drop files in designated folders, and any changes made to a file are synced across every device. A good backup solution will ensure all data is backed up to the cloud, and will work automatically in the background, backing up all new or changed data.
Data recovery is the final piece of the puzzle, and most often overlooked. Data loss emergencies are stressful, so it is vitally important to understand how recovery works before you choose a solution. Make sure it’s fast, easy, and works whether you’re on or off site. And test it regularly! You never know when your coworker (aka kid) will spill a sippy cup all over your laptop.
Nigel Tozer, Solutions Director EMEA, Commvault
For many organizations, the realization that their backup products are no longer fit for purpose comes as a very unwelcome discovery. Anyone arriving at this kind of crossroads faces some big decisions: one of the most frequently occurring is whether to add to what you have, or go for something new.
For anyone in that position, there are four simple considerations that can help inform decisions about backup strategy:
- Flexibility – Make sure your backup solution supports a wider ecosystem than just what you’re using today. You don’t want it to hinder your agility or cloud adoption down the line.
- Automation – Look for solutions where intelligent automation, even AI, can help dispense with the specialist or mundane elements of backup processes and free up busy IT teams’ time.
- Budget – Low cost software that needs a dedupe appliance as you grow, or an appliance with a rigid upgrade path can turn out to be more costly long term – so do your research.
- Consolidation – Many products typically means silos, wasted space and more complexity. Consolidating to a backup platform instead of multiple products can make a real difference in infrastructure savings, and reduced complexity.
While most consumers are taking necessary security precautions to protect their online accounts, businesses may not be doing enough to protect their information – inadvertently driving sales to competitors that can, an Arcserve research reveals.
A survey of nearly 2,000 consumers across North America, the United Kingdom, France, and Germany, found that 70% believe businesses aren’t doing enough to adequately secure their personal information and assume it has been compromised without them knowing it. And, as consumers become more educated and cyberattacks become well-known, perceived trust becomes more influential in their purchasing decisions, with the study also finding that:
- Nearly nine of ten consumers consider the trustworthiness of a business prior to purchasing a product or service and,
- 59% of consumers would likely avoid doing business with an organization that had experienced a cyberattack in the past year.
These findings suggest businesses must manage uncharted challenges with the rise of cybercriminals now making breaches public, regardless of ransoms paid.
Ransomware-related service disruption: Consumer tolerance threshold
Cyberattacks have arguably become the largest business threat, however the quantifiable impact on consumer behavior has not been widely understood. The study found that one in four consumers will abandon a product or service in favor of a competitor after a single ransomware-related service disruption, failed transaction, or instance of inaccessible information.
It also found that tolerance for these events quickly deteriorates, with:
- Over 66% of respondents citing they would turn to a competitor if an organization couldn’t restore systems and applications within three days following a cyberattack and,
- Over a third of those would be willing to switch after a mere 24 hours of waiting to access their information or make a transaction.
Moreover, the potential damage doesn’t stop during or shortly thereafter a cyberattack event. More than eight in ten respondents admit to sharing their negative, ransomware-related experiences with family, friends or colleagues, posting about their experiences online, or emailing about the incidents.
Certain industries fare better than others
While the report concludes that consumers are generally intolerant of cyberattacks, there are a few industries where businesses are under even more pressure to keep data secure and operations running. The survey found that:
- Nearly half of consumers would walk away from their banking or securities provider immediately upon experiencing a ransomware-related event which prohibited them from transacting or accessing information and,
- 43% would immediately seek out a competitive communications product or service.
While there are many negative ramifications caused by cyberattacks, businesses that take proactive steps and mitigate ransomware quickly will benefit in the long run.
Over half of respondents would be willing to pay more for products and services they believe to be more reliable and secure in the banking and securities industries, and over 40% would pay more if they believed products and services were more secure from companies in the healthcare, insurance, and retail categories.
“Consumers are clearly already hesitant about working with companies hit by cyberattacks, and they just won’t tolerate disruption as businesses figure out recovery and remediation plans after-the-fact,” said Arcserve CTO Oussama El-Hilali.
“The findings represent a stark warning for all organizations given that one in four of their customers will be gone immediately upon disruption, with many more losing patience within 48 hours.
“Businesses must do more to ensure they’re protecting their data from cybercriminals and mitigating the chance they’ll experience extended downtime. We recommend a two-pronged approach where cybersecurity, backup and disaster recovery are deeply entwined.”
Brno University Hospital, in Brno, Czech Republic, which is one of the country’s Covid-19 testing centers, has recently been hit by a cyberattack. The nature of the attack has yet to be shared, but looks like it might be ransomware. The result? Some surgeries have been postponed and some patients redirected to nearby hospitals.
On Sunday, the US Health and Human Services Department was hit by a distributed denial of service (DDoS) attack that, luckily, did not impact the agency’s operation in a meaningful way. Its website, which provides information to the US public about how to cope with the Covid-19 situation, was not affected by the attack.
By now, those hoping that cybercriminals would spare healthcare organizations from cyber attacks while the Covid-19 virus spreads across the world must have realized that there are always people who have no qualms about exploiting a bad situation for their own advantage.
Nothing’s changed, really
“We’d like to think that in a world where everyone is effectively in the same boat, a sense of togetherness, an unwritten code of conduct, or even a sense of morality would prevent bad actors from doing bad things – even if just temporarily. This obviously is not the case and if anything should serve as a reminder to organizations that one threat hasn’t been traded for another,” Adam Laub, CMO, Stealthbits, told Help Net Security.
“To the contrary, individuals and groups that prey on the weak will likely look to take advantage of this dire situation, causing more disruption to organizations already reeling from the financial distress, business disruption, and human resource nightmare the coronavirus pandemic has inflicted in just a short period of time,” he added.
“What’s particularly disturbing about this latest incident at the U.S. Health and Human Services Department is that the intent of the attack appears to be driven entirely by malice, seeking only to prevent the men and women trying desperately to protect millions of American citizens from harm from doing their jobs, as well as spread false information in order to generate more panic and uncertainty.”
Patients might end up bearing the brunt of successful cyber attacks but, Covid-19 or no Covid-19, the danger for healthcare organizations has effectively remained the same – only the stakes got higher.
Healthcare organizations must remain vigilant on all fronts
It is crucial for healthcare organizations and agencies not to ignore cybersecurity and data protection at this moment.
Nurses and other healthcare professionals are, according to Proofpoint, one of phishers’ preferred targets as they have access to all the data.
Generally, healthcare organizations share many weak links and attack surfaces as every other industry – phishing attacks on employees, cloud infrastructure and a remote workforce – but there are some challenges only they face, notes Sam Roguine, a director at Arcserve.
These include the security of medical devices, Wi-Fi access for patients (the patient Wi-Fi network should be fully isolated from the primary one) and, at the moment, shifting priorities driven by the Covid-19 outbreak.
“If the scenarios in Italy or China were to repeat in the United States, many hospitals will be in ‘Code Black,’ which is when the influx of patients is bigger than what hospital can handle. Hospitals will have to prioritize patient care, reducing the focus on everything else, including business continuity and disaster recovery (BCDR) and cybersecurity. This is a gap that hackers are going to leverage,” he noted.
Healthcare organizations must implement best-in-class centralized security with enhanced detection and response, review security practices, and include every aspect of the organization’s operations – not just obvious IT systems like servers, but also medical devices, employees wearables, cloud services, patient systems, and more, he says, and recommends them to follow the NIST Cybersecurity Framework for every aspect of their operations.
“CISOs must remain very vigilant. Cyberattacks can and will affect hospital operations, and the ability of healthcare organizations to cope with Covid-19 patients. When CISOs plan for scenarios like this one, cybersecurity, backup, disaster recovery and continuous availability technologies cannot be underestimated or placed on the backburner,” he concluded.