It’s time to rethink cybersecurity.

For many years, organizations have focused their security efforts on endpoint protection. Firewalls, antivirus software, intrusion detection and anti-spyware tools are all effective to a point, but they are failing to stop the vast majority of threats.

A recent ServiceNow survey of 300 chief information security officers found that 81% are highly concerned that breaches are going unaddressed and 78% are worried about their ability to detect breaches in the first place. IBM’s 2017 X-Force Threat Intelligence Index reported a 566% increase in the number of compromised records in 2016 compared to the previous year. FireEye reported that the average time it takes an organization to detect an intrusion is over 200 days.

Endpoint security measures will only become less effective as the number of endpoints proliferates. Smart phones introduced a whole new class of threats, and the internet of things (IoT) will add billions of endpoint devices to networks over the next few years, many of which have weak or no security.

That’s why cybersecurity, in the words of Cisco CEO Chuck Robbins, “needs to start in the network.” The approach that Cisco is championing recognizes the reality that breaches today are inevitable but that they needn’t be debilitating. The increasing popularity of security operations centers shows that IT organizations are shifting their attention to creating an integrated view of all the activity on their networks – including applications, databases, servers and endpoints – and adopting tools that can identify patterns that indicate a breach. For example, multiple access attempts from a certain IP address or large outbound file transfers may indicate an intrusion, and that activity can be stopped before much damage is done.
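The two patterns named above (repeated access attempts from one IP address, and large outbound transfers) can be expressed as sliding-window rules over an event stream. This is an added example, not taken from any Cisco product or from the original article; the log format, event names, thresholds and sample lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real traffic: timestamp, source IP, event, bytes sent out.
SAMPLE_LOG = """\
2017-05-12T09:00:01 203.0.113.7 login_failed 0
2017-05-12T09:00:04 203.0.113.7 login_failed 0
2017-05-12T09:00:09 198.51.100.23 login_failed 0
2017-05-12T09:00:11 203.0.113.7 login_failed 0
2017-05-12T09:00:15 203.0.113.7 login_failed 0
2017-05-12T09:00:19 203.0.113.7 login_failed 0
2017-05-12T09:10:00 10.0.4.18 transfer_out 120000000
2017-05-12T09:12:00 10.0.4.18 transfer_out 450000000
2017-05-12T09:40:00 10.0.4.31 transfer_out 90000000
"""

def detect(log_text, max_failures=5, fail_window=timedelta(minutes=1),
           max_out_bytes=500_000_000, out_window=timedelta(minutes=10)):
    """Return (timestamp, ip, reason) alerts, at most one per ip and reason."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    outbound = defaultdict(deque)   # ip -> (timestamp, bytes) of recent transfers
    alerted, alerts = set(), []

    def raise_alert(ts, ip, reason):
        if (ip, reason) not in alerted:
            alerted.add((ip, reason))
            alerts.append((ts.isoformat(), ip, reason))

    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                          # skip blank or malformed lines
        ts = datetime.fromisoformat(fields[0])
        ip, event, size = fields[1], fields[2], int(fields[3])
        if event == "login_failed":
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > fail_window:    # drop attempts outside the window
                q.popleft()
            if len(q) >= max_failures:
                raise_alert(ts, ip, "repeated_access_attempts")
        elif event == "transfer_out":
            q = outbound[ip]
            q.append((ts, size))
            while ts - q[0][0] > out_window:  # drop transfers outside the window
                q.popleft()
            if sum(b for _, b in q) >= max_out_bytes:
                raise_alert(ts, ip, "large_outbound_transfer")
    return alerts
```

Fixed thresholds like these are the baseline that the machine-learning approaches mentioned below try to improve on, since a static limit either misses slow activity or fires on legitimate bulk transfers.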

Fortunately, technology is evolving to support the network-centric approach. Big data platforms like Hadoop have made it practical and affordable for organizations to store large amounts of data for analysis. Streaming platforms like Apache Spark and Kafka can capture and analyze data in near real-time. Machine learning programs, when applied to large data stores like Hadoop, can continuously sort through network and server logs to find anomalies, becoming “smarter” as they go.

And the cloud presents new deployment options. That’s why security is rapidly migrating from dedicated hardware to cloud-based solutions using a software-as-a-service model. Grandview Research estimates that the managed security services market was worth more than $17.5 billion in 2015, and that it will grow to more than $40 billion in 2021. As organizations increasingly virtualize their networks, these services will become integrated into basic network services. That means no more firmware upgrades, no more site visits to fix balky firewalls and no more anti-malware signature updates.

It’s too early to say that the tide has turned favorably in the fight with cyber-criminals, but the signs are at least promising. It’s heartening to see Cisco making security such an important centerpiece of its strategy. Two recent acquisitions – Jasper and Lancope – give the company a prominent presence in cloud-based IoT security and deep learning capabilities for network and threat analysis. The company has said that security will be integrated into every new product it produces going forward. Perhaps that’s why Robbins has called his company “the only $2 billion security business that is growing at double digits.”

Security solutions are not enough to fight ransomware. Make sure you have a good recovery strategy.

If ransomware was unknown to you until now, the WannaCryptor attack of May 12th, which had global repercussions in all spheres of activity, has certainly made you aware of the consequences of attacks that know no borders.

Ransomware attacks cost businesses millions of dollars a year and are becoming increasingly sophisticated and difficult to avoid. The peculiarity of this type of attack is that it spreads quickly through shared files, sometimes in a matter of hours, as the attack of May 12 demonstrated. Ransomware generally infiltrates through the weakest point in the network, typically the user’s email account or social networking sites.

The ransomware locks the computer or encrypts the files, requiring payment of a “ransom” to give users access to their data. But paying the ransom does not guarantee the recovery of the data*, not to mention that organizations that give in to the hackers’ blackmail become targets of choice the next time…

If you are lucky, your business was not targeted by the virus and you feel relieved to have been spared. In this case, remember the lesson: you were lucky this time, but rest assured that this type of attack will happen again, and that your organization may well be the victim next time.

Forward-thinking organizations have invested large sums of money to secure their IT environments and the data that transits them, which is often critical and whose destruction can jeopardize business continuity. Although security solutions are part of the equation when it comes to protecting your assets, they are only part of the strategy to counter these threats.

A complete solution to protect you from viral attacks must include a recovery plan with accessible and full backup copies in order to restore your environment as it was before the attack.

Implementing a recovery plan gives you assurance that you can recover quickly and minimize your downtime, which is often the weakest link in the management of computer attacks. The faster you get back up to speed, the less your customers and suppliers will have to turn to alternatives, which could ultimately be very costly to your business and reputation, even putting it at risk.

Companies that have industry-specific compliance standards are generally more aware and better equipped to quickly restore their infrastructure in the event of an attack. To find out if your company has an adequate recovery strategy, ask yourself the following questions:

  • Is your backup off site (i.e. away from your primary site)?
  • Can you verify that the backups are happening?
  • How quickly can you restore data that’s taken hostage?
  • Is your original data backed up in an unalterable way, ensuring a complete and integral recovery of your data in the event of a ransomware attack?
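Two of these questions, whether backups are actually happening and whether the backed-up data is still what was originally written, can be checked automatically. The sketch below is an added example, not part of the original article: it assumes a hash manifest is recorded at backup time and kept somewhere the backup host cannot modify, and all function names, file names and the 24-hour freshness limit are hypothetical. A manifest detects alteration; it does not by itself make the backup unalterable.

```python
import hashlib, os, tempfile, time

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(backup_dir):
    """Record a hash of every file at backup time; store the result away from the backup."""
    files = {}
    for root, _, names in os.walk(backup_dir):
        for name in names:
            path = os.path.join(root, name)
            files[os.path.relpath(path, backup_dir)] = sha256_file(path)
    return {"created": time.time(), "files": files}

def verify_backup(backup_dir, manifest, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means the backup is recent and intact."""
    now = time.time() if now is None else now
    problems = []
    if now - manifest["created"] > max_age_hours * 3600:
        problems.append("stale: last backup older than %d h" % max_age_hours)
    for rel, expected in sorted(manifest["files"].items()):
        path = os.path.join(backup_dir, rel)
        if not os.path.isfile(path):
            problems.append("missing: " + rel)
        elif sha256_file(path) != expected:
            problems.append("altered: " + rel)
    return problems

def demo():
    """Constructed scenario: take a backup, then check it again after it was damaged."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("ledger.csv", b"id,amount\n1,100\n"), ("notes.txt", b"q2 plan")]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = write_manifest(d)
        clean = verify_backup(d, manifest)
        with open(os.path.join(d, "ledger.csv"), "wb") as f:
            f.write(b"\x00" * 16)              # stands in for an overwritten or encrypted copy
        os.remove(os.path.join(d, "notes.txt"))
        damaged = verify_backup(d, manifest, now=manifest["created"] + 48 * 3600)
    return clean, damaged
```

Running a check like this on a schedule, and alerting on any non-empty result, turns "can you verify that the backups are happening?" into something that is answered every day rather than during an incident.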

By answering these questions, you will take the first step to address the gaps in your recovery strategy in the event of a computer attack. Be prepared to face upcoming threats to protect your assets!

* A recent survey found that of those victims of ransomware who paid the ransom, only 71% had their files restored.