The long-term damage of cyberattacks such as the one that hit Gloucester Council shows that an ‘assume breach’ mindset is not enough. Whilst the initial breach makes the headlines, it’s the painstaking and unbudgeted, unplanned remediation that can take a vast amount of time for IT teams. There is no silver bullet for immediately restoring systems, and rollback is not back an option.
Delays to services as a result of downtime can be disastrous for organisations. We live in a digital world and the loss of a platform exposes how slow, limited and ineffective paper-based systems are. It can significantly impact both local residents and businesses, and lead to a loss of trust among people in services. This is another reason for the public sector to ensure it allocates sufficient funds to cybersecurity initiatives to ensure important public services are not disrupted.
Unfortunately, downtime caused by a cyberattack is not uncommon in the news. Far too many organisations put a heavy focus on “detect, respond, and mitigate” when dealing with cyberattacks. Endpoint detection and response (EDR) solutions need malware to execute in order to pick it up as malicious, by which point it could be already too late. The speed of today’s cyberattacks means that organisations could have already been locked out of parts of their network by the time security teams are on the case.
This scenario of chasing after cyber criminals can no longer be allowed to continue. We need to flip our strategy when it comes to dealing with cyberattacks and prevent them before they breach the network. Organisations are then able to stop malware without the fear of it already causing untold damage. With prevention-first solutions, organisations are one step ahead of cyber criminals.”