IT organizations spend significant time and budget to ensure that recovery from an unplanned failure, such as a power outage, natural disaster or human error will be possible. Remote data replication, mirroring and backup technologies are configured to enable data restoration when needed. But will these solutions deliver in the event of a cyberattack?
A cyberattack, by its nature, involves malicious intent. Standard disaster recovery solutions are “naïve” and may fail to work properly in the event of an attack. Additional care must be taken to ensure that recovery systems are configured in an isolated manner so that recovery data cannot jeopardized.
One of the most alarming scenarios of a cyberattack is when both the data and its backup are destroyed in a hacking incident, thus leaving the organization with no way to recover. This could be a result of a ransomware attack where encrypted data has been propagated to the recovery copies or because the attacker stole credentials allowing deletion of both data and its backup. An attack with such consequences can derail any organization, leading to severe business outcomes.
Security teams must work under the assumption that a successful attack will occur, and ensure the organization’s ability to recover from such an event; this means, first and foremost – the ability to recover the data. As enterprise ransomware attacks are on the rise and increasingly focus on core IT systems rather than isolated endpoints, assuring the ability to recover data from a ransomware cyber attack is a pressing matter.
This is clear from, for example, European Central Bank (ECB) guidelines which determine that “Financial Market Infrastructures arrangements should be designed to enable it to resume critical operations rapidly, safely and with accurate data …within two hours of a disruption.” The ECB’s goal here is for financial institutions to plan for “extreme but plausible scenarios” and yet ensure that they can “complete settlement by the end of the day of the disruption.”
The ECB guidelines are only one example of the growing store of guidelines and regulations for recovery from a cyberattack. Considering the dynamic nature of IT and the variety of recovery methods and vendor tools used by enterprise organizations – storage replication, VM replication, database log shipping, backup – compliance with these and other guidelines is not an easy task. Newer to the field of data recovery, Information Security teams may not have full knowledge of the various tools and the ever-increasing and changing set of cyber recoverability and isolation best practices. And, in any case, it impossible for security teams to manually validate that IT systems are in fact configured to assure recoverability from a cyberattack.
Continuity Software’s Data Security Advisor™ ensures recovery and backup copies are kept in a secure and isolated manner while meeting cyber recoverability configuration best practices.
Data Security Advisor automatically analyzes:
Enterprises using our cyber resilience assurance solution have immediate access to updates from our dedicated research team as well as ongoing inputs from other leading enterprises and institutions. Using our Data Security Advisor solution, you ensure that critical data assets are recoverable – at all times.