Surya Varanasi, CTO, StorCentric
“September 2021 marks the third year of National Insider Threat Awareness Month (NITAM), which according to the NITAM website aims to help prevent ‘exploitation of authorized access to cause harm to an organization or its resources.’ While the month focuses on national security, this issue is of course inextricably linked with organizational security as well. When enterprises think about ransomware attacks, the focus is often on guarding against external threats, of which there are many. Yet companies must remember and be prepared to defend against threats from inside their organization too.
Three words hold the key to achieving this: protect, detect and recover. Given the prevailing stats, such as those from the Ponemon Institute, the likelihood of an insider threat existing and then leading to a successful data breach is high and growing rapidly. It is therefore critical that the recovery piece be firmly in place. Two highly critical best practices here relate to your data backups. Organizations must ensure they have unbreakable and immutable backups. The ideal solution(s) should include features like file fingerprinting, file redundancy, file serialization, secure timestamp, and auto file repair, as well as the necessary capabilities to ensure regulatory compliance. And the admin keys should be stored in another location for added protection. Next, the solution should provide immutability and allow the user to lock backups for a predetermined period of time: an “immutable retention period,” during which they cannot be deleted, moved or altered in any way.
Corporate defenses should be equal to the level of threat, which means assuming the worst and putting the best solution in place, particularly when it comes to ensuring recovery. By having impenetrable recovery solutions in place for internal threats as well as external ones, organizations can protect their most valuable data assets and ensure the longevity of their business.”