Tapping into the ’touch grass’ movement in cybersecurity

The ’touch grass’ movement has seen users move offline and seek a more balanced, grounded reality, and it would seem the cybersecurity sector is experiencing a similar backlash. The increasing emphasis on resilience and the ability to get back to ‘business as usual’ (BAU) means that organizations are now looking to create airgaps and recovery mechanisms that are not totally dependent upon ‘always on’ connectivity.

The government wrote to chief executives across the country last month, urging them to keep paper copies of their incident recovery plans, according to reports. It’s a sentiment echoed by Richard Horne, chief executive at the National Cyber Security Centre (NCSC), who stated organizations need to have plans in place for how they would continue to operate without their IT, and which would allow them to rebuild their IT at pace.

We’ve already seen what executing those plans might look like following the recent attack against the Collins Aerospace Muse check-in system. That saw Heathrow and other European airports resort to pen and paper when boarding passengers for at least three days, but it’s a practice that’s not unusual in the aviation sector. The failure of the National Air Traffic Service (NATS) En Route flight planning system back in 2023 saw 2,000 flights cancelled, with paper-based contingency planning enabling 60 plans to be processed per hour, allowing some service to be maintained.

Keeping assets close

Within the enterprise, the desire to ringfence assets has also seen the repatriation of data from the cloud. A recent survey found 97% plan to move applications and workloads from the public cloud to in-house systems due to concerns over data sovereignty, risk management, cost, compliance, and security. The consensus is that while cloud remains important, a hybrid approach is more conducive to flexible and secure data storage and processing.

Collectively, these trends all point to a growing appetite for tangible security mechanisms that can be used to safeguard the business and ensure it can resume BAU as quickly and efficiently as possible. It’s a paradigm shift and one that presents the Channel with an opportunity: to tap into and advise on the advantages of physical security solutions.

One example of this is localised data storage. By assigning employees storage peripherals such as portable high-capacity hard drives or flash drives, it’s possible to ensure that data remains accessible, but it also acts as a belt-and-braces approach to securing data.

This is because the 321-rule, which is widely regarded as best practice, provides a tiered form of backup. It states that at least three copies of data should be stored at any one time, with at least two copies on different types of media, such as a local hard drive and the cloud, and at least one copy offsite, in a separate physical location away from the primary site.

Protecting peripherals

However, physical storage media have their own challenges. If these devices fall into the wrong hands or become lost, the business needs to know that the data they contain isn’t then put at risk of compromise. It’s for this reason that resellers need to educate the market on the need for peripheral protection and the different measures that are available.

How the data is encrypted is a key consideration. Software-based encryption is only ever as secure as the operating system on which it runs, which means the keys can be exposed if the host machine is compromised by a malware attack or keylogging software. In contrast, hardware-based encryption sees the process carried out on the device itself so creating a closed system, with the data encrypted on the fly via internal hardware and without the need for extraneous software.

User authentication can pose similar risks if it is computer-based, particularly if the device has a default PIN that attackers can obtain from online data dumps. In contrast, if the device houses a tamperproof keypad, this ensures that authentication can only happen via the device.

Irrespective of whether the PIN is hardware or software-based, it should be possible to specify a minimum PIN length to comply with the security policy of the enterprise and to reset the PIN when the device is assigned to a new user. Ideally, the device should also include auto-lock and self-destruct features, such as the ability to crypto-erase the device if too many incorrect PIN attempts are made.

The reseller’s role

Resellers should also seek to ride the wave of interest concerning immutable data backups. These see data stored in a way so that it cannot be modified or deleted after the backup has been created. The permanence of these backups provides the business with a reliable form of storage from which data can be restored, providing much greater assurance, with these devices tested regularly as part of the incident response process.

A localised storage strategy should already be enshrined in the security policy; however, approaches vary considerably. Just 20 percent of IT security decision makers believe their organization currently mandates the use of company-provisioned equipment with endpoint controls, according to Apricorn’s annual survey, which was conducted earlier this year. This research highlighted that the vast majority of organizations are allowing personally owned devices to be used for corporate data storage.

The protection afforded to these devices can vary massively, which is why it makes sense for the channel to seize the initiative and communicate the need to procure and deploy those that have the most robust security features.

It’s also an opportunity to spell out exactly what constitutes secure storage, because the ‘touch grass’ movement should not be seen simply as an imperative to put in place a means of recovering offline; it’s also an opportunity to bolster resilience.