As cyber threats increase in frequency and sophistication, despite their best efforts, most businesses will eventually fall prey to a bad actor. Are you prepared to recover?
You’ve invested in state-of-the-art, end-to-end security solutions. You’ve implemented robust security and privacy policies and outlined best practices. You’ve got monitoring and detection in place at every level and you apply updates as soon as they’re available. You’ve done everything a smart and responsible organization needs to do to safeguard your systems, networks, data, and other assets from cyber threats.
The question is: are you prepared to recover from a cyber event?
As cyber threats increase in frequency and sophistication, most businesses will eventually fall prey to a cyber event, despite their best efforts. The longer it takes to recover, the more it will cost. Swift recovery is paramount to minimizing damage. Simply put, organizations must prepare to recover from a cyber event before it occurs.
Why a disaster recovery plan may not be good enough
Many organizations have disaster recovery plans and assume that disaster recovery and cyber recovery are the same concept: a system or location goes down, you shift operations, complete recovery efforts, and return to normal. However, the two scenarios have some vital differences.
When a disaster happens — such as a data center fire or server hardware dying — you get alerted right away. You know when and where the disaster occurred and have a predictable recovery point objective (RPO).
On the other hand, with a cyber event, you’re sure of only one thing: there’s been an attack. You don’t know when it began, where it happened, the scope of the damage, or how to mitigate the intrusion. Although you may have been alerted on a Tuesday at 8 AM, the cyber event may have occurred days, weeks, or even months earlier — which means that the initial damages you’re aware of may only scratch the surface of a much bigger problem.
Furthermore, cyber-attacks have become increasingly sophisticated and commonplace, and a 5-year-old disaster recovery plan may not cover modern scenarios. If you don’t have a cyber event recovery plan, it could take days or even weeks to recover, costing time, money, customer trust, and lost business.
Store secondary copies of information offsite or off-network
In addition to the potential for natural disasters, storing data solely onsite exposes your business to risks such as backup file corruption should your local network suffer an attack. As part of your cyber event recovery plan, ensure you’re storing secondary copies of information offsite or off-network. Keep these copies readily available, so you can begin recovery efforts immediately to limit damage and costs.
Secondary data storage solutions range from offsite servers or tape storage to private or public cloud backups. Cloud storage is your best bet when it comes to accelerating the time to recovery. Data is easily accessible and does not require manual intervention, meaning recovery work can start quickly.
Determine data classification and order of recovery
Data classification involves categorizing information based on sensitivity and business value. Organizations have many reasons to perform data classification, ranging from security and data compliance to risk management and storage cost control.
When recovering from a cyber event, data classification makes it easier to identify what data has been lost, the scope of the damage, and, ultimately, the event’s cause. When organizations do not understand data classification, recovery efforts take far longer and require far more work. And in some cases, they may not be able to recover fully.
Another critical and related piece of the puzzle is understanding the order in which your environment needs to be recovered. While many organizations are aware of this need, many are not prepared. Data classification enables you to identify dependencies within your IT topology. If your most critical application relies on lesser or noncritical systems to function, those systems also need to be labeled as critical.
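The dependency rule above can be checked mechanically. The following Python sketch is an added example, not part of the original article or any vendor tooling: it raises each dependency to the tier of the most critical system that relies on it, then derives a recovery order that restores dependencies first. The inventory, system names, and three-tier scale are constructed for illustration.

```python
import heapq
from graphlib import TopologicalSorter  # Python 3.9+; raises CycleError on circular dependencies

# Constructed inventory (hypothetical names). Tier 1 = most critical, 3 = least.
SYSTEMS = {
    "order-portal":  {"tier": 1, "depends_on": ["customer-db", "auth-service"]},
    "customer-db":   {"tier": 2, "depends_on": ["storage-array"]},
    "auth-service":  {"tier": 3, "depends_on": ["dns"]},
    "storage-array": {"tier": 2, "depends_on": []},
    "dns":           {"tier": 3, "depends_on": []},
    "intranet-wiki": {"tier": 3, "depends_on": ["auth-service"]},
    "print-server":  {"tier": 3, "depends_on": []},
}

def _graph(systems):
    """Map each system to its dependencies, rejecting references to unclassified systems."""
    unknown = {d for s in systems.values() for d in s["depends_on"]} - systems.keys()
    if unknown:
        raise ValueError(f"dependencies missing from the inventory: {sorted(unknown)}")
    return {name: s["depends_on"] for name, s in systems.items()}

def effective_tiers(systems):
    """Raise every dependency to the tier of the most critical system that relies on it."""
    tiers = {name: s["tier"] for name, s in systems.items()}
    order = list(TopologicalSorter(_graph(systems)).static_order())  # dependencies first
    for name in reversed(order):  # dependents first, so a tier flows down the whole chain
        for dep in systems[name]["depends_on"]:
            tiers[dep] = min(tiers[dep], tiers[name])
    return tiers

def recovery_order(systems):
    """Restore dependencies before dependents; among restorable systems, most critical first."""
    tiers = effective_tiers(systems)
    sorter = TopologicalSorter(_graph(systems))
    sorter.prepare()
    ready, plan = [], []
    while sorter.is_active():
        for name in sorter.get_ready():
            heapq.heappush(ready, (tiers[name], name))
        _, name = heapq.heappop(ready)
        plan.append(name)
        sorter.done(name)
    return plan

if __name__ == "__main__":
    tiers = effective_tiers(SYSTEMS)
    for step, name in enumerate(recovery_order(SYSTEMS), 1):
        print(f"{step}. {name} (declared tier {SYSTEMS[name]['tier']}, effective tier {tiers[name]})")
```

In this inventory, dns and auth-service are declared tier 3 but come out as effective tier 1 because the order portal cannot start without them, while print-server stays at the end of the plan.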
Have a failback plan
Once you have mitigated damages from the cyber event, you need to return operations from the secondary location to your original location. Having a failback plan in place — whether moving back to infrastructure that’s on-premises or in the cloud — enables your company to resume business as soon as possible with minimal downtime or data loss. Unfortunately, very few companies are positioned to do this quickly, costing additional time and money.
Your failback plan should incorporate all data and data changes as well as workflows. The failback plan should include your data classifications and order of recovery as well as testing to verify data accuracy, primary systems, and network quality. Ideally, the failback process should be automated.
Get industry-leading cyber recovery as a service.
No matter how secure you’ve made your infrastructure, the likelihood of a cyber event eventually impacting your organization is relatively high. With cyber recovery plans in place, you can minimize damages and costs and accelerate the time to recovery.
One of the best things your organization can do is to take advantage of data or cyber recovery as a service (CRaaS). Based in the cloud, CRaaS saves time and money when a cyber event happens because it streamlines information recovery.
Zerto on HPE GreenLake makes cyber recovery faster and easier and frees up your organization to mitigate the threat and stop the intrusion, reducing the overall cost and damages caused by the cyber event. Benefits include down-to-the-second RPOs via continuous data protection and journal-based recovery. Zerto also offers the industry’s fastest recovery time objectives.
To learn more about how you can improve your readiness for a cyber event, talk to one of GDT’s cyber recovery specialists.