How to ensure a fast recovery from the inevitable cyber-attack

Darren Thomson, Field CTO – Security, EMEAI at Commvault. (Image: Commvault)

While many have invested heavily in frontline defence tools to try to keep out bad actors, they have spent far less time and money preparing for what happens when the criminals eventually get in. 

And they will get in. With the use of Artificial Intelligence (AI) among bad actors only growing more prevalent, hackers are proving more adept than ever at infiltrating enterprise networks. 

Meanwhile, the fallout from breaches is growing more severe. As a result, businesses must shift their strategic thinking to emphasise how to quickly and securely recover from a cyber incident.

Polymorphic Cybersecurity Landscape

In recent years, the landscape of cybersecurity has evolved drastically, challenging enterprises to rethink their IT resilience strategies in the face of increasingly sophisticated cyber threats. 

Traditionally, businesses could rely on fortified security perimeters and robust backup systems to recover from disruptions like natural disasters or network outages. However, the advent of cloud computing has rendered these defences obsolete, expanding IT environments and multiplying the attack surfaces. 

Today, organisations navigate through a plethora of software tools daily, trying to address the polymorphic nature of cyber attacks.

AI-Driven Cyber Threats and Rising Costs

Concurrently, hackers leverage AI to exploit vulnerabilities, presenting a daunting advantage over enterprises still grappling with how to effectively deploy AI in their defence strategies. 

The consequences of cyber breaches have escalated dramatically, with breaches averaging costs of $5 million per incident, alongside severe reputational damage and legal ramifications under new disclosure regulations. A pivotal requirement for businesses now lies in fortifying their defence strategies, with a heightened focus on safeguarding backup data.

Challenges with Traditional Data Recovery

Traditional data recovery methods, relying on retrieving the latest backup, are no longer foolproof. Increasingly, cybercriminals infiltrate backup data, infecting crucial recovery systems with ransomware and other malware. 

The persistence of these threats is evident, with attackers remaining undetected within systems for an average of 277 days before discovery, embedding malicious software into recovery data repositories. 

A significant majority of ransomware attacks now target backup repositories, exploiting the short retention periods of clean data, leaving enterprises vulnerable to deploying infected data unknowingly during recovery efforts.

Comprehensive Cyber Recovery Solutions

This scenario amplifies the severity of attacks, compounding the damage inflicted by hackers. To effectively combat these threats, enterprises must invest in comprehensive cyber recovery solutions that integrate seamlessly into their existing infrastructure. 

Historically, businesses sought secure restoration environments through costly dark sites or cloud storage solutions, which posed unpredictable risks.

Bridging Organisational Silos

Today, advancements in technology offer platforms that streamline the creation of secure backup environments, ensuring swift recovery capabilities in the event of a cyber incident. 

A fundamental strategy gaining prominence is the "3, 2, 1" approach, requiring businesses to maintain three copies of their data, with at least two stored in separate locations. Crucially, one repository should remain "air gapped," securely isolated in a cloud-based offline centre accessible only to authorised personnel. 

This setup provides a clean repository for data recovery and validation, essential during regular audits to detect anomalies and ensure compliance with cybersecurity regulations. Despite these advancements, organisational silos between security and recovery teams remain a challenge.

Prioritising Cyber Recovery

Traditionally, cybersecurity falls under the purview of Chief Information Security Officers, while data backup and recovery are managed by IT teams reporting to Chief Information Officers. 

This disconnect delays the detection and response to breaches, underscoring the critical need for integrated approaches that unify security and recovery efforts. 

Moreover, the integration of AI-powered technologies like Security Information Management and Security Orchestration, Automation and Response systems offers enhanced detection capabilities, enabling real-time alerts and coordinated responses across security and recovery teams.

By bridging these gaps and leveraging advanced technologies, enterprises can significantly reduce downtime and mitigate the impact of cyber incidents. 

As cyber threats continue to evolve, enterprises must prioritise cyber recovery as a cornerstone of their security strategies. 

Read more