October is National Cybersecurity Awareness Month. During this month, it’s a great idea to review the strategy you have in place and ensure it accounts for all types of threats. If attacked, locating the intrusion and quarantining systems is critical, but your ability to restore normal business operations is paramount to your continued success.
There has been an exponential increase in the number of newsworthy cyber-attacks over the last few years. Some of the most common forms of attacks have the primary goal of destroying data. Some simply erase data while others encrypt it and hold it for ransom. Ransomware has become one of the primary threats to organizations. According to the 2018 Verizon Data Breach Investigations Report (DBIR)1, ransomware was included in over 40% of malware in 2017 and is even described as “not unlikely” in this same report.
Many data protection and cyber security strategies have not evolved quickly enough to effectively recover from these types of emerging attacks. Dell EMC Consulting has helped many customers in adding a cyber recovery strategy into their data protection and cyber incident response plans to ensure they can quickly recover critical systems and applications.
When you’re developing or improving your cyber recovery strategy, keep these four considerations in mind:
1. Attacks can come from anywhere:
Recently, attacks have peppered companies from countless angles. Unpatched infrastructure firmware, out of date applications, and sabotage from insiders are just a few of the successful attack vectors that have been used over the last few years. The latter is an alarming reminder that someone in your organization could be acting against you. According to the DBIR, the threat of insiders is well documented, with 28% of attacks involving an internal actor1. Another key point made in this report points toward a growing number of attacks (11%) involving physical actions, which again, points toward insider compromise.
2. Out of sight, out of mind:
Attackers are crafty and have been able to bypass anti-malware and traditional security controls, allowing them to go undetected for months and sometimes even years. This type of attack is further enabled by the disappearance of the traditional perimeter with more connected and mobile devices. This leads to a lack of visibility across the network and creates more points of exposure to attack. Organizations are often not prepared for this and face a prolonged data recovery time as a result.
3. Align the plan with your business:
No two companies are alike, so you need a tailored strategy that supports your unique requirements. Consider the impact on your business if a specific, critical application were to be taken down in an attack. In the last year, major cyber-attacks have businesses grinding to a halt, costing some hundreds of millions in only a few days of downtime. Understanding the applications that are most critical to business operations ensures these are prioritized in your cyber recovery strategy. An application analysis is one of the most critical components in your preparations.
4. Cyber Recovery complements Disaster Recovery:
We get a lot of questions about how cyber recovery strategies differ from those of disaster recovery (DR) and always recommend having both plans ready.
- For a DR event, you generally know what happened, when it happened and what data was lost. The primary goal of DR is to restore normal operations as soon as possible. In a Cyber Recovery event, you might not know what happened, when it started, or what exactly was lost. The goal is still to restore normal operations as soon as possible, but there are a multitude of questions that need to be answered before you know where to begin.
- Another critical difference is that cyber recovery vault needs to be isolated from the network and physically secure. Any system that is connected to the network is potentially vulnerable to a cyber-attack. Creating an ‘air-gap’ from the primary network is an effective measure in keeping critical data safe. The vault also needs to be physically secured, and access should be restricted from users without proper clearance.
These are a few of many considerations you should take into account when developing a cyber recovery strategy. In our experience, we find that customers are the most successful when they focus on a tailored solution designed to achieve their specific data protection and cyber security requirements. To learn more about the new features of this solution, continue your reading with Beth Phelan’s ‘Last Line of Data Protection Defense Against Cyber Attacks’.
If you have any comments or question, feel free to comment below.