Intelligent CIO APAC Issue 30 - Page 58

CASE STUDY without having to stand up any physical infrastructure – our bases are covered .
“ To be able to say to our CEO that we have that level of protection , that in even the worst-case scenario we can be back-up-and-running within hours , means we can now both sleep a lot better at night .”
“ Over the past few years , cyberattackers have made it clear nothing is sacred ,” said Scott Magill , Managing Director for Rubrik Australia and New Zealand .
“ The biggest risk organizations face today is the inability to operate – losing access to data means losing access to applications , and therefore losing the ability to function . With Rubrik , Royal Flying Doctors Service Queensland has the reassurance it can always be there , providing essential life-saving services when Queenslanders need it most .”
We asked Adam Carey , CTO , Royal Flying Doctors Service Queensland , further questions to find out more about the project .
Are you surprised that nothing is off limits for cybercriminals – even a lifesaving agency such as yourselves ?
Unfortunately , I ’ m not surprised . I ’ m disappointed that they choose to target such an iconic Australian brand and it ’ s clear they ’ ll do whatever it takes to extort money – even if it ’ s patient personal data that they can hold to ransom .
As a counter to this type of targeted attack , our executives have probably the least administrative access within the organization . Only those who need direct access to patient records have it .
However , this doesn ’ t stop malicious actors attempting to impersonate our executive team via email , so we have a very strong email filtering gateway with some clever rules to thwart this type of attack .
Fortunately , our executive team are very skilled in recognizing suspicious emails and will always raise anything that ’ s suspicious with our security team . Further , the data our executives do have access to is very closely monitored for unusual activity , and DLP policies will alert us to – and block – any attempt to encrypt data or exfiltrate information from the organization .
Were you impressed with the simplicity and speed of the implementation process ?
The connection to and kick-off of the backup of our resources only took around 45 minutes to configure ! The next morning , I logged in to find everything was protected and reporting 5x 9 ’ s compliance – it ’ s been set-and-forget ever since , with just the occasional restore highlighting how easy the solution is to use in a real-world production environment .
What would be the impact of losing access to some of your key data and systems ?
Has there been an increase in the sophistication of cyberattacks over the last few years ?
Very much so , we ’ re seeing an upgrade from basic random attacks to more personalized and targeted attacks to key personnel within the organization , especially those who have a public presence on places like LinkedIn .
Why do you think your executive team has been particularly targeted ?
Executives are targeted for two key reasons . The first is they ’ re incredibly busy and with a properly crafted spearphishing email , attackers believe they can get them to take the bait .
Within a fairly short amount of time , we ’ d be literally grounded with flight operations and patient care directly impacted . RFDS has zero tolerance for cyberincidents for this exact reason , and Rubrik has been instrumental in the development and testing of Disaster Recovery and Ransomware-Recovery plans . This ensures our data is always safe and recoverable should the worst happen .
Were you impressed with the RTO ( Recovery Time Objectives ) and RPO ( Recovery Point Objectives ) offered by Rubrik ?
The ability to bring systems and information back online within just a matter of hours ( rather than days or weeks ) makes all the difference to our operational capability .
The second has to do with privileges . Attackers assume that executive credentials will have greater privileges so , if their accounts can be compromised , they ’ ll gain wide access to the organization ’ s infrastructure .
There ’ s no point having a data-protection system that sits on slow storage which can negatively impact your RTO ; Rubrik enables us to have rapid recovery of critical systems and the flexibility to be able to restore
58 INTELLIGENTCIO APAC www . intelligentcio . com