Feeling overwhelmed by growing needs for cyber protection? Each hour brings a new tale of bad actors and cyber breaches. Cybersecurity does not have to be difficult, especially if agencies follow federal standards, such as those developed by the National Institute of Standards and Technology.
Standards create the basis of security controls on which everyone can rely, said Richard Breakiron, Senior Director for Strategic Initiatives, Federal Sector, with Commvault, which provides agencies with comprehensive, intuitive, enterprise-level data management solutions. “Many people say cybersecurity is hard, and while complex to get started, establishing effective cybersecurity becomes easier once there’s a culture of understanding that standards are the fundamental linchpins to the way you do business,” he said. “That awareness demystifies the building of a cybersecurity foundation.”
It starts with the simple things, much like driving a car, he said: Everyone knows to buckle their seatbelts and use their directionals before turning. These essential security and safety practices become second nature.
The Fundamentals
The first step: Identify what you have, said Breakiron. Then prioritize your most important data, develop a data protection strategy, monitor your security measures once implemented, and respond to an attack when it occurs. Backups allow agencies to recover compromised data, he said, but even backups are cyber targets.
“You need to have a copy that is literally immutable. When an event occurs, you need to bring back that clean copy,” he explained. Today’s ransomware targets include operational backups, which are stored locally on a computer or network and designed for data recovery after power outages and human error, to maintain operational resiliency. Immutable backups can undermine a ransomware attack.
Using Data
Data is the lifeblood of agencies today, turning ideas into tangible, potentially income-generating resources — therefore, protection of the data and the process to access it becomes pivotal. Yet data protection, Breakiron noted, “has gotten exponentially harder in the last 20 years [thanks to] the internet and the volume, variety and velocity at which data moves.” Ensuring that data is always available to an organization, as Commvault does, “is the ultimate cyber backstop.”
A comprehensive approach to data management, security and restoration includes immutable, air-gapped backups. Agencies also must be able to retrieve data at a granular level, Breakiron said. Storing data with metatags lets you later retrieve only the file you need, saving time and expense, rather than extracting data you don’t need.
Resiliency
Commvault Cloud sends automated, AI-generated cyberattack alerts upon detecting an unknown data source. This technology saves and quarantines the unknown data, then notifies a human response team, Breakiron said.
Sometimes the new source is innocent: An employee joined the organization and someone forgot to notify others. But as the state of Colorado discovered, the source could be nefarious — a server stood up by adversaries planning a cyberattack. “At Commvault, using NIST standards, we deliver a data-resilient foundation to ensure cyber resiliency for agencies,” Breakiron said.
This article appeared in our guide, “The 2024 Cyber Agenda.” To learn more on the cyber outlook for the coming year, download it here: