Tag Archive for: resilience

Data resilience in the age of ransomware: Elastio tackles complex cyber threats

/in


Cyber threats have become extremely prevalent today and are growing increasingly complex. Ransomware is now a household word and is no longer something that organizations can ignore.

Enter startup Elastio Software Inc., which was founded by the team behind AppAssure, a backup and recovery software application that was acquired by Dell Software Group in 2012. What AppAssure did very well was figure out how to recover from corrupted data, according to Najaf Husain (pictured), founder and chief executive officer of Elastio.

“In those days, it was Exchange, Microsoft SQL. You remember those days, when Exchange went down, I mean, the company was done. You couldn’t communicate,” he said. “That was a big problem. So, we did so well there, as we were able to understand the data and if it was clean or not. And we could do that early and often so the customer can understand if they were vulnerable or not.”

Husain spoke with theCUBE industry analyst Lisa Martin, during a CUBE Conversation ahead of the “Cybersecurity” AWS Startup Showcase event on September 14, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the Elastio platform and the importance of a data resilience strategy. (* Disclosure below.)

Running after the issue

Circa 2020, when Elastio was founded, the company shifted its focus to cyber, given the fact that cyber threats are so prevalent now. The company spent a lot of time focused on the cloud, and everything it does is cloud-native, according to Husain.

“We really drilled inside of these cyber threats to understand how they can corrupt the data. We spent three years kind of reverse engineering all the known ransomware out there, 1,800-plus of them, created some very interesting machine learning engines, some data integrity scanning engines to go solve that problem,” Husain said. “We founded in 2020 to go run after that issue.”

Today, there are two components to the Elastio platform: protecting data and making it immutable, plus making sure it is scanned, clean and recoverable. In June, the company announced an oversubscribed $18 million Series A investment led by Venture Guides, with participation…

Source…

We must equip health care professionals with tech resilience

/in


For weeks, a significant portion of our state has been significantly inconvenienced, even put at risk, by an increasingly disturbing trend. For nearly the entire month of August, Eastern Connecticut Health Network and Waterbury Health, which control several state hospitals and medical offices, have been suffering the effects of a cyberattack that have effectively paralyzed their technological capabilities, shutting down their information technology databases.

These are just some of 25 hospitals across the country that have had their operations impacted through this hack, and the significance of 25 hospitals being unable to provide care to their fullest extent cannot be understated. While treatment of patients is ongoing and emergency departments continue to operate, medical professionals are experiencing significant issues due to lack of connectivity through electronic systems. Local hospitals including Manchester Memorial, Rockville General and Waterbury Hospital cannot offer full outpatient medical imaging or blood drawings, with an unclear deadline or end to the outages. Even urgent care centers under the network have been forced to open alternative phone systems for patient contacts.

The continuing advances of technology in our world, and especially medical technology, have provided new opportunities to improve patient health and provide better outcomes for patients in need. In the current times, our dependency on technology also includes increasing access to remote work, electronic or e-consulting services and electronic multidisciplinary teams, almost universal electronic patients’ medical records, online scheduling, electronic radiologic images and other lab tests, robotic surgeries and remote cardiac monitoring among others. Technology has become the single most critical part of outpatient and inpatient services and communications.

Our increasing reliance on technology also poses significant risks. The current situation reinforces that our systems need more safeguards. This includes recognizing that in general, health service personnel have relatively less experience in working remotely, digital literacy and cybersecurity, leaving the sector…

Source…

3 Reasons to Focus More on Cyber Resilience than Compliance

/in


To say our country is at war with cyber criminals is an understatement.

The onslaught of attacks is relentless, and the numbers are staggering. Last year, 800,944 cybercrime-related complaints – or nearly 2,200 per day – were reported to the FBI’s Internet Crime Complaint Center. While the number of complaints dipped by five percent, the dollar value of potential losses skyrocketed 48 percent to $10.2 billion. 

It seems that each day we hear or read about a new breach at some of our country’s most venerable private and public sector institutions. In mid-June, for example, Russia-linked criminals breached several federal agencies. Among those agencies was the Department of Energy, which oversees our country’s nuclear weapons – and whose cyber defenses were breached two years earlier. 

Recognizing that our country is in an unending war, lawmakers have proposed more funding for cybersecurity for fiscal year 2024, earmarking $13.5 billion for the Pentagon and another $12.7 billion for other agencies. The recommended funding package includes $3.1 billion for the Cybersecurity and Infrastructure Security Agency, which would represent a modest $145 million bump in the agency’s current budget. 

That is a positive step forward, but here is the problem: Our federal government has a long history of being obsessed with compliance-related rules and regulations. That mindset thwarts progress for a couple of reasons.

  • First, our adversaries do not have compliance standards to meet. They only care about winning each battle and causing maximum harm.
  • Second, a compliance mindset is reactive rather than proactive. With each successful breach, policymakers seek to “fix” the problem through improved compliance. It is a slow and ineffective approach because by the time new standards are approved and implemented, threat actors have found other ways to bypass the new safeguards. There is a long and growing list of organizations that met compliance standards, yet fell prey to criminals.
  • Compliance is the lowest rung on the cybersecurity ladder that also includes maturity and, at the top, effectiveness. The obsession with compliance has another negative consequence….

Source…

Cyber resilience in the renewable energy sector

/in


In April 2022, a few months after the start of the Russia-Ukraine war, three wind-energy companies in Germany were hit with cyber-attacks that disabled thousands of digitally managed wind turbines. In one case, the company wasn’t even the target but “collateral damage” after attackers took down the Ukrainian satellite system ViaSat. This is just one example of the cyber-risks now facing digital renewable energy systems.

It is estimated that by 2050, global power systems will be 70% reliant on renewable energy – derived mainly from solar, wind, tidal, rain, and geothermal sources. These energy sources are generally distributed, geographically remote, and relatively small scale. They are often managed and operated using under-secured digital technologies that plug directly into the legacy infrastructure of national power grids. This creates a broad cyber-attack surface for threat actors to target.

From risk to resilience

To build robust cyber-resilience into digital renewable energy systems we first need to understand the areas of risk. These include, but are not limited to:

  1. Code vulnerabilities and misconfigurations in embedded software. The demand for renewable energy means that supporting technologies and applications are often developed and implemented at speed, with little time to include or test security controls. The vendors and their developers will be experts in electrical engineering and may not have the relevant security skills to do this anyway. The risk is compounded if software isn’t regularly patched and updated as bugs are reported. 
  2. Unsecured APIs. Another software-related risk, application programme interface (API) based applications can communicate and share data and functionality with other applications, including third party apps. They are a common feature of connected or public-facing systems. Web application security and firewalls are essential to prevent attackers from leveraging APIs to steal data, infect devices and build botnets.
  3. Management, control, reporting and analysis systems. Software-related risk No 3 – Management and control software, such as supervisory control and data acquisition (SCADA) systems, and other systems that import, analyse and…

Source…