Magazine Button
Protecting your data – fighting fire with fire with zero-day recovery

Protecting your data – fighting fire with fire with zero-day recovery

Deep diveEnterprise SecurityFeaturesInsightsRansomwareTop Stories

For any given organisation, data is the fuel that keeps your business going, without which you cannot operate. Protecting this data should therefore be the priority of any business. However, what happens when all defences fail? Alex Fagioli, CEO of Tectrade makes one suggestion. 

How do you make sure your business won’t go under when the worst happens and you find yourself locked out of or unable to access your most important files? In this situation, the key is to recover the lost data as quickly as possible, without having your business operations halted or even terminated by the attack.

To begin with, we need to truly understand the importance of data. You might agree that it is important but from a financial perspective very few organisations adequately invest in looking after it until they’ve been stung. Much like a book with no pages, an organisation is merely a shell with no real value without access to the data it needs to operate. In the world we live in today, where cybercriminals are becoming increasingly clever and creative, and where cyberattacks have become a daily concern, we need to comprehend the importance of the DNA of our businesses and protect it at all costs.

Defending against the unknown

Zero-day cyberattacks are considered one of the biggest threats to organisations today. This is because they use exploits that aren’t commonly known and therefore are almost impossible to detect and therefore defeat. They have been known to be able to bypass even the most sophisticated cyberdefence systems, making them the number one enemy of organisations across the globe. A painful example of this is the SamSam ransomware which recent reports state has made its owners over £4.5m.

Most strains of ransomware are relatively unsophisticated and spread indiscriminately through a scatter-gun approach. However, SamSam is used in targeted attacks by a skilled team or individual with the time and inclination to probe for a weak point.  The private sector, healthcare, government and education have all been heavily impacted by these attacks that are notoriously difficult to consistently detect and defeat.

Furthermore, financial damage is of course not the only result of the operational paralysis caused by ransomware or other system failure. The relatively unsophisticated WannaCry malware that took hold across much of the NHS caused the cancellation of thousands of life-saving operations and medical appointments, affecting a total of 81 hospitals across the UK. This is a prime example of how cyberattacks not only ruin businesses but actually have the potential to put lives in serious danger and can mean the difference between life and death.

The overarching question therefore is – how does one arm themselves against these attacks that are essentially invisible? Unfortunately, the truth is that defence against these attacks is practically impossible. Whilst having effective defence systems in place is extremely important as a first line of defence, as any security expert will tell you we also need to prepare ourselves for the inevitable attack on the heart of our business by developing a last line of defence – a zero-day data recovery system. A true lesson that we have learnt from previous attacks is that no form of defence is completely invulnerable. The last line must therefore take into account what happens next when all defences fail.

Planning your last line of defence

With the risk of cyber and ransomware attacks on organisations increasing, we believe the missing piece of the security puzzle today is zero-day recovery – the last line of defence against ransomware attacks. What we’ve noticed people often overlook, is that the real damage is not caused by the attack itself but by the downtime of operations that it causes. Whether this downtime be financial, operational or even business paralysing, it is nonetheless something a business cannot handle.

However, by investing in a zero-day recovery system, businesses won’t need to fear an impending attack as they will already have a pre-planned recovery system that will recover lost data in minutes if needed. A zero-day recovery system, as the name implies, can recover your data fast with minimal disruption to your business – as long as it has been implemented and tested before the successful attack.

There is a common misconception that you can secure your business from cyberattacks by simply backing up all of your data onto an external server. In order for the business to remain operational during the recovery process, it is helpful to be able to prioritise the systems and data that are most critical. This can only be achieved through a process of evaluation and testing as, just as TSB Bank’s recent issues demonstrate, with legacy systems it is very difficult to predict which are interdependent.

Once the IT infrastructure is understood and the most valuable business critical data has been recognised, a system based on a previously decided upon priority of restoration can be put in place.

This system allows for the most critical data to be restored as a priority as quickly as in minutes if needed, allowing ‘the show to go on’ while fixing the breach and still benefiting from the cost-efficiencies of slower recovery times for less critical information.

This ranking of data is important as, should all defences fail at once, IT security teams will know exactly what data is essential for business operations to continue and therefore needs to be restored first; this system will thus restore data based on urgency.

For this recovery system to work however, it needs to be thoroughly planned, developed and tested before an attack has a chance to take place. For example, decisions need to be made based on which workloads are most important for our business to stay operational? How fast do we need them back? Which data can we survive without for a slightly longer period? These are all questions that, should all defences fail, will be vital regarding what will happen next for your businesses following a ransomware attack. If a proper recovery plan is in place, your IT security teams will be able to bring back data within minutes with minimal disruption.

Thus, by having an idea of what data is most important to keep the business running, organisations can manage their recovery system as well as its cost to best suit their needs. Planning and categorising in this way also allows IT teams to go back to the owner of a particular workload and let them know exactly how much it costs to run their workload and how much it will cost per month to place that workload as a priority in the restoration process, therefore giving it high survivability. This process could even help to save money on storage, ultimately meaning the process pays for itself.

In a world where ransomware attacks are more targeted and sophisticated than ever before, the potential of a cyberattack targeting business critical data can no longer be considered a question of if, but rather of when. Preparing for this inevitable attack should therefore be the priority of any business; focusing solely on defence is not enough anymore but needs to be combined with an effective recovery system to protect the most vital asset of your organisation.

Browse our latest issue

Magazine Cover

View Magazine Archive