In another example, he mentioned a healthcare organization that was also taken down by ransomware. “As part of their obligations for being a public reporting company, they had to talk about material adverse events, and so they revealed that they lost about $67 million to the ransomware attack,” he said.
According to Shook, ransomware attacks are becoming more frequent and more expensive. “Last year, we had a cyber ransomware attack about every 39 seconds, and this year it’s every 11,” he said. “Most of the breaches are financially motivated, and the cost per organization has almost doubled, from $13 million last year to just under $25 million this year. Across all industries, that number’s skyrocketing from $1 to $6 trillion.”
Additionally, schools must consider the incalculable cost of keeping students safe. Districts, which keep information such as students’ names, birthdays and Social Security numbers on file, are guarding student data against more than just financial loss and should be ready at all times with a robust cybersecurity plan.
A Resilient Cyber Security Strategy Includes Defense and Recovery
Shook stressed the need for cyber resilience as a part of any organization’s IT strategy.
“When we talk about cyber resilience, we’re really talking about a high-level, holistic strategy that incorporates cybersecurity standards, guidelines and best practices across the organization,” he said.
Gerr added, “Cyber resilience is really about being confident in your organization’s ability to recover from a disruptive event, cyberattack or other ransomware or malware attack.”
“What’s important to understand about cyber recovery is that it’s a component of a larger cyber resilience strategy, one that’s really focused on isolating critical data away from the attack surface, the operational air gap, and making sure that that critical data is stored immutably in a hardened vault, which will enable recovery post-attack,” Shook said.
A school’s larger cyber resilience strategy must include plans to recover lost or stolen data. Plans that don’t include what to do in the event of a worst-case scenario aren’t comprehensive and don’t prepare the district’s key players for an attack.
Cyber Recovery Should Include These Key Components
According to Shook, any good cyber recovery solution should include three main components.
“The first is isolation,” he said. “This means both physical, via maybe a locked room on-premises in a data center or off-premises in a cloud-based vault. It also means logical isolation, isolating the data and the management paths, isolating the command and control access separating the cyber recovery vault from the attack surface, from production and from backup environments.”
The second component is immutability. “Dell defines immutability as both hardware and/or software working together with additional controls that ensure the original integrity and availability of the data in the vault is preserved,” Shook explained.
The final component is intelligence. A good cyber recovery solution should apply “innovative and comprehensive tools, like machine learning and AI, within the security of the cyber recovery vault to identify potential cyberthreats and help identify whether data in the vault is recoverable,” he said.
These three components should work together to provide security for all of an organization’s data and to offer the best possible chance of recovering that data in the event of an attack, Shook said.