Cyber Recovery: One Cyber Threat Many CISOs Might Overlook

Most CISOs you meet will assume that, with the best-of-breed elements of their layered, defense-in-depth cyber protections all in place and updated, they can rest easy. But they may well have overlooked proper protections for their premises-based backup-and-recovery data. That oversight can be a big risk for them and a big opportunity for Dell EMC channel partners.


Despite CISOs’ best efforts to defend against intrusions, threat actors can find new ways to penetrate networks and find their way to the backup-and-recovery data, which can cause serious and often costly business disruptions.

In our experience, if enterprises lack a securely segmented or air-gapped enclave for this extra-critical data, they have a good chance of suffering an insider attack that gains access to that data. And, if that happens, odds are even greater that the hackers will destroy the backups.

“Cyber Recovery” — mitigating a stealthy vulnerability and giant risk

For many organizations and their CISOs, the issue of what we call “Cyber Recovery” flies far under their threat radar. As a CISO at one national retail chain told us after a private briefing, “You’ve made me aware of a problem I didn’t know I had.” And she’s not alone among her peers at other companies.

In her case, she thought her backups were fully secure in the data center, but we told her that general backups are not secure there, and bad guys can get in and destroy the data. As a solution, she agreed that an isolated copy of the data that cannot be attacked but can be restored as needed would be a good idea. We call this concept our Dell EMC Isolated Recovery solution.

This solution combines an optimized Dell EMC data-protection hardware and software solution with professional consulting services. It keeps an isolated copy of critical data off the network, ensuring that an uncompromised “gold copy” of customers’ most vital data always exists. When that copy needs updating, automated software establishes a connection only for the duration of the update. When done, the software re-establishes the air gap between the target and source servers, like a bank opening and closing its vault door.

Needed: C-level, board-level discussions about risk

The costs of an organization losing its backup-and-recovery data can be huge. We know that for many of the companies that suffered 2017’s Petya and NotPetya encrypting ransomware attacks, the damages were in the millions. That’s why, given the scale of these losses, cyber-recovery discussions deserve C-level and even board-level attention. If anyone understands the nature of business risk, it’s a company’s top executives and board members.

Here are some questions to ask to lead the discussion:

  • How are you doing disaster recovery for your data? What are you protecting against?
  • Have you ever had a disaster where you had to “Declare”?
  • How much money is spent on disaster recovery safeguards in any given year?
  • What is more likely to happen in the future: a disaster recovery event or a serious cybersecurity event?
  • If cybersecurity is a primary concern, how much do you spend on Cyber Recovery safeguards in any given year?

Alas, chances are they will say their Cyber Recovery spending is zero. At this point, you can then steer the discussion to addressing this particular vulnerability as a matter of business-risk mitigation — and present the Dell EMC Isolated Recovery solution.

Needed: Hardware, software and high-margin professional consulting services

To implement the Dell EMC Isolated Recovery solution, your customers will need to acquire hardware, software and your own professional consulting services. Once the solution is set up, it can operate alongside their existing backup-and-recovery solutions.

In addition, you can set yourself apart from your competition with the Dell EMC Isolated Recovery solution. That’s because our solution is mature with proven deployments, compared to many of our competitors who merely talk about hardened approaches to vital backup-and-recovery data.

Get certified to sell the Dell EMC Isolated Recovery solution

To help you learn more about the Dell EMC Isolated Recovery solution and how to sell and deploy it, we are offering a four-day training in all aspects of it. Alternatively, channel partners can sell the solution as a package, with Dell EMC experts doing the work. Either way, we invite you to find out more by visiting the Dell EMC Isolated Recovery Partner Sales Plays.

About the Author: David Finley

David is a Director at Dell EMC for the CyberSecurity and Compliance practice within the Data Protection Solutions Division. In working with the security divisions of Dell Technologies and local/national law enforcement agencies like the FBI and charter groups of InfraGard, David helps customers to better understand and improve their practices related to cybersecurity and compliance. David has over 15 years’ experience in software development/access controls and cybersecurity and has experience/certifications in operating systems, networking and ethical hacking. In addition, David publishes and speaks frequently about information assurance/recovery and cybersecurity technology.