Recovering data and operations after a cyberattack


Cyberattacks are a reality for many businesses in the UK, resulting in both tangible and intangible costs. John Beattie, Principal Consultant at Sungard Availability Services, explains how companies can start off on the right foot in terms of cybersecurity.

Cyberattacks are depicted in popular culture with scenes of utter panic. There’s feverish typing, a series of hectic phone calls and computer screens flashing or shutting off. They are, in fact, a reality for many businesses in the UK. The scenes of utter panic may be exaggerated on screen, but the impact on real-life organisations is scary.

On the surface, post-breach customer protection, cybersecurity improvements, regulatory fines and PR costs for reputation restoration are all tangible, quantifiable and costly impacts of an attack. However, there are many more intangible costs, including the value of lost potential contract revenue, devaluation of reputation and the lost value of customer relationships, which are harder to account for and can damage organisations for years after the event.

Cyberattacks continue to dominate the headlines, so it was no surprise to me that a recent report from the Department for Digital, Culture, Media and Sport revealed that the number of active cybersecurity firms in the UK has increased 44% from 2017, making the UK’s booming cybersecurity sector worth £8.3 billion. In an ever-evolving world of threats, while preventative measures are essential, much more is needed to properly protect an organisation’s critical data from malicious activity. For example, what happens once an attack has been successful? As was seen in the recent ransomware attacks on Travelex, which forced staff to use pen and paper, it can take weeks to get business processes back up and running.

One of the most concerning outcomes of a cyberattack is the compromise of data. Multinational manufacturers and US city and county governments parted with more than US$176 million responding to the biggest ransomware attacks of 2019, spending on everything from rebuilding networks and restoring from backups to paying the hacker’s ransom. Top of the list was the attack on the Danish hearing aid manufacturer Demant which resulted in recovery and mitigation costs estimated between US$80-95m.

Starting off on the right foot

A meaningful security posture starts with preventative security measures and a defence-in-depth data protection strategy. This ranges from leveraging server and desktop malware protections to teaching employees, contractors and vendors about social engineering tactics and malicious email phishing campaigns that find their way into an organisation’s data. Having strict systems access protocols already in place to ensure only authorised personnel can access data is of the utmost importance too, so that no one has the same ability to compromise both production and backup data.

However, even with the most robust protection capabilities, successful attacks on data are a reality. Backups are an integral part of protecting production data. They focus on ensuring organisations are ready to recover the IT environment and data in case of a Disaster Recovery situation. They also make it possible to recover a file if it is corrupted due to a hardware or software failure. However, recovering data after a successful cyberattack presents a much more complex challenge, so organisations need to enhance their data backup strategy, capabilities and plans to significantly improve their odds of responding effectively. Failure to do so jeopardises the likelihood of a successful and timely data recovery effort.

Not all data assets are vital to an organisation and, in turn, they cannot all economically be given the same level of enhanced recovery risk mitigation. Identification of which data assets qualify for extra duty-of-care should be based on organisationally defined criteria. Organisations need to identify and justify their Vital Data Assets (VDAs) and, for each, define the relevant maximum loss and downtime requirements. These requirements can be used to determine a go-forward VDA protection and recovery risk reduction strategy and the supporting technical architecture, much like RTOs and RPOs drive Disaster Recovery strategies and capabilities.

As with any Disaster Recovery programme, a Cyber-Compromised Data Recovery programme should be formally established and tested regularly to ensure that people, processes and capabilities are well understood and will enable a successful recovery when needed. Organisations should establish a discipline of frequent testing with varying scope and situational parameters, including participation from various business disciplines and stakeholders.

A data-compromising cyberattack can happen to any organisation, so it is imperative to establish plans and capabilities in advance that reduce data loss risk and enable timely recovery of the most current data possible.
