A cyber attack is truly an executive's worst nightmare. When an organisation's sensitive data is hacked, leaked, compromised or lost, it can send business operations into a downward spiral without much warning.
In years past, we've heard of cyber attacks on large organisations like Target, Home Depot, Sony and eBay. Over 80 million people enrolled or formerly enrolled in Anthem plans, including Anthem employees, had sensitive personal information – such as social security numbers, medical IDs and home addresses – exposed to hackers during its cyber security crisis.
In 2016 and beyond, cyber attacks are only expected to increase, simply due to the sheer number of devices, nearly 6.8 billion, circulating through the globe.
While no organisation is ever completely safe from the horrors of a cyber attack, there are measures of protection and preparedness that executives can and should take.
Businesses should always assume that IT security investments, no matter the size, couldn’t fully protect them from emerging cyber security threats like ransomware.
That said, the best way to protect an organisation is to ensure you're making appropriate security investments in addition to working with a proven IT disaster recovery (DR) solution provider that does both replication and backups of your data.
Take ransomware, for instance. It’s a constant cyber security threat within an organisation – hackers can trick employees into running software that encrypts data with a key to which the IT department doesn’t have access.
Frequently, while an organisation is in duress, hackers play to weakness by introducing count-down timers and threats of destroying the data completely.
The only way the hackers will allow reentry into the data is by requiring a payment, hence the term "ransom".
Just like any ransom negotiation, they may be bluffing – the price may go up once they know the company is willing to pay.
While there are plenty of technologies out there like antivirus and intrusion prevention systems, they don't always provide enough speed or comprehensive security when it comes to catching new threats.
No matter how much money an organisation is currently investing in antivirus software, or how much it is pouring into other ransomware protection tools, the reality is that it only takes a single emerging threat and one wrong click by anyone in the organisation for an investment to become moot.
Backups and recovery
Because the threat of ransomware is fragile, it's critical for organisations to invest in both backups and real-time recovery. In the face of a cyber attack, backups are key –providing a second copy of data, protected offsite.
In addition, some organisations are large enough to have the capital and headcount to oversee private data centres in one or more locations where they can actually manage the backup replication, monitoring and testing in-house.
Many midsize organisations, however, can't afford that luxury. If multi-site recovery isn't an option, organisations should look for a DRaaS (disaster recovery-as-a-service) provider that has data centres in several different regional locations.
In case of a crisis, this allows organisations the options of recovering data from an offsite backup location or quickly failing over to another location that hasn’t been compromised.
Replicating data for real-time recovery is another wise investment to make, complementary to backups. Continuously replicated data protection, combined with the help of a DRaaS provider, can get users up and running quickly (within minutes or hours instead of days), so they can keep their typical business functions operating as usual.
However, if encryption from ransomware affects all of an organisation’s replicated data journal sets as well, it will need to rely on backup for recovery instead.
It's up to IT executives to ensure their organisations are performing due diligence in the form of detailed planning, budgeting, execution, testing and verifying backup and recovery services.
These routine maintenance tasks are important in long-term protection and recovery from different types of cyber security threats.
When putting a DR plan into place, organisations should consider several factors: identifying which parties should be contacted in the case of an emergency; evaluating which applications are required to be back up and running in little-to-no downtime (RTO); and how far back in time the data should be replicated and archived.
This type of foresight can be challenging and often time consuming, but it's invaluable information to have in the case of an unfortunate hack.
Planning out and incorporating an overall recovery plan is a key investment for most organisations. What's more, finding a quality, scalable solution that's also economical doesn't have to be difficult.
When considering a plan to execute a seamless, successful recovery plan, think about the types of third-party providers out there that exist to protect organisations.
Evaluating, engaging with and confirming third-party providers of backup and recovery services should be a serious vetting process for IT executives.
Ensure prospective providers have separate and secure locations to recover data in case there is ever a scenario in which their production data centre is compromised.
Additionally, research prospective providers' track record and experience to ensure they're a quality, trusted DRaaS provider you can easily work with from a cultural alignment perspective.
We live in an age where, unfortunately, cyber attacks are becoming more and more common and sophisticated in nature. The bright side of that equation is that as a result, DR and cyber security programmes are getting stronger and more comprehensive.
Organisations that prioritise backup, recovery, detailed planning and strategic execution of DR protocols will be ahead of the curve when it comes to cyber security.
Sourced from Derek Brost, director of engineering, Bluelock