The past few years have appeared to break all records when it comes to the quantity of data lost in breaches, alongside the sheer numbers of cyber-attacks on companies, governments, and individuals. With the growing complexity of enterprise technologies, and indeed the size of overall global business operations, companies are more vulnerable than ever to the prospect of some of the largest cybersecurity attacks we have ever seen.
Interconnected global systems, software operations, and innovations that have sought to make the world ‘smaller’ have in turn accelerated the size and impact of the cybersecurity threats faced. The latest attack by Russian hackers is proof of this, taking the form of a calculated ransomware attack on software company Kaseya. In this environment of increasing threat levels, a well-designed IT architecture is an excellent first step in leveling up cybersecurity defenses.
So, what impact did this breach have, and how can Enterprise Architecture (EA) help businesses defend against similar attacks?
REvil and the increasing risk of ransomware attacks
In July 2021, the Russian hacking group REvil, a gang of cybercriminals known for extorting payments from victims in return for unlocking their files, conducted the largest ransomware attack on record. By breaching the systems of US-based software firm Kaseya, the group was able to hit the IT systems of up to 1 million companies across the globe, demanding a $70 million ransom in Bitcoin for a decryption key.
One can only be both shocked and impressed by the sheer sophistication and scale of such an attack, able to bring down firms in 17 countries. While REvil has now seemingly vanished from the dark web, there’s no denying that similar attacks from hacker groups are highly likely to be imminent. According to Cybersecurity Ventures, businesses around the world are attacked using ransomware roughly every 11 seconds and it is predicted that global ransomware losses this year will reach $20 billion.
As if dealing with the pandemic had not been difficult enough, cybercriminals are adapting their approach to exploit the shift to hybrid working, targeting organizations’ supply chains and network links to partners to achieve maximum disruption. Alongside Kaseya, we’ve been confronted with other high-profile incidents such as SolarWinds, Colonial Pipeline, and JBS, demonstrating the sheer vulnerability of enterprises and the frequency of disruptive events.
As such, it’s more vital than ever for organizations to be aware of the risks and ensure that they have the appropriate solutions in place to prevent such attacks from taking place. Enterprise Architecture is a key enabler of this for several reasons.
Indeed, with organizations desperately trying to stay one step ahead with their IT and security infrastructure, more are looking towards EA to help bolster their risk posture and preparedness for a possible attack. With EA, this extends to achieving full organizational visibility and control over all operations, including full visibility over dedicated security architectures. Enterprise Architecture can help organizations both in terms of visibility and scalability, helping to increase their level of security detail and ensure its presence across each area of a company.
The role of Enterprise Architecture teams
To successfully defend against breaches like the REvil attack, organizations also need to stop treating their security as an individual, siloed department or a standalone business function. Instead, businesses need to embrace security as a culture that spans the entire enterprise. In turn, this will enable them to achieve the 360-degree visibility that is necessary to defend against high-level breaches.
Enterprise Architecture is the process by which enterprises organize IT infrastructure to align with business goals. In this particular instance, security objectives take center stage and can be implemented with various frameworks via security architecture, a sub-discipline of Enterprise Architecture. Examples include the National Institute of Standards and Technology Cyber Security Framework (NIST CSF) and the Sherwood Applied Business Security Architecture (SABSA); both are open-standard, vendor-neutral frameworks that provide a high-level taxonomy of cybersecurity outcomes, including the methodology to assess and manage them.
Security architecture also operates several levels above threat management and the direct implementation of security platforms, offering complete oversight and control over cybersecurity operations across the entire business. This ensures companies can fully leverage frameworks like NIST CSF and SABSA to be in line with the specific needs of a business. Likewise, there are EA tools that give teams on the ground a huge advantage when it comes to taking remedial action. This includes the ability to track every single instance of a breach or infiltration once it has been identified, across every single department and endpoint, rather than checking vulnerabilities one by one.
Building defenses for the long term
Cyberattacks are clearly growing in sophistication, and therefore so must our defensive tactics.
What organizations now need is to adopt modern Enterprise Architecture solutions to help better manage, scale, and protect all areas of their business. Keeping on top of every company operation will ultimately help boost an organization’s ability to protect itself against ever-evolving threats. The attack by REvil is unlikely to be the last.