There seem to be two schools of thought when it comes to Business Continuity strategies in relation to ransomware or cyber-attacks. One side argues that having a DR plan automatically means that data is protected from a cyber-attack, whereas the other side argues that a business needs a completely separate cyber-attack recovery plan. And depending on the age and scope of an organization’s DR strategy, both of those views may have a bit of truth in them. However, it’s important to see a middle path of modernizing and hardening a DR strategy. Perhaps both camps can offer improvements against cyber threats and traditional disasters, encouraging a business to adopt the best options available.
The Landscape of Cyber-Attack Threats
The security landscape is enormous, and there are many vital components to protect against an attack. Cybercrime estimates from 2019 said that ransomware attacks were occurring every 11 seconds, and recovering from an event without a cyber-hardened DR strategy takes several weeks of downtime. If you can imagine how threats have grown since then, you can also imagine how putting up guard dogs at your gates isn’t enough. No protective strategy is 100% effective 100% of the time, and therefore, more organizations must start incorporating ransomware response into their recovery strategies. Is your DR plan attack-ready?
Here are a few tips to align your existing DR strategy with modern times:
1. Delineate Regular Recovery vs. Cyber Recovery
After a cyber-attack, there are usually steps needed to both clean the recovered workloads and isolate the attacked machines for forensic purposes. In delineating the difference between a traditionally prepared-for disaster, such as a weather event or power outage, and a new, ever-evolving cyber event like ransomware, businesses must include steps to recover from both event types in their DR runbooks, but do so in a way that reflects the nuances of each approach. Because of these differences, businesses should also understand the impact on a typical recovery time objective (RTO) target, and the DR plan must have adjusted expectations for this type of event.
2. Include These 3 Difference Makers in Your DR Strategy
Including air gapping, immutable backups, and multi-factor authentication (MFA) may seem like small details in the larger spectrum of a resiliency stance, but they can make all the difference when a ransomware event strikes. Air gapping prevents the spread of the ransomware and eliminates attack vectors. This protects all your recoverable data from widespread, immediate infection. Immutable backups prevent the cybercriminals from simply deleting or encrypting your backups before an attack, something we are starting to see happen more and more. And MFA is crucial to prevent one of the simplest attack vectors where cybercriminals infiltrate as one of a company’s own employees.
3. Prepare for Your Datacenter to Be a Crime Scene
One of the first steps when faced with a cyber-attack is usually to get cyber insurance involved. Often regulators, law enforcement, or even the insurance company itself require that the environment be preserved for forensic investigations. When this happens, companies must have the capacity to restore business functions without risking further breaches from the attacker. Even if a company’s datacenter isn’t locked down, can they trust a compromised datacenter? Even in cases of no risk, there is often not enough storage capacity to recover and maintain the isolated source workloads. These are concerns that recovery organizations must work through with their business. Keep in mind that you are selecting an environment that could become the home for your operations should your normal environment be inaccessible indefinitely. This challenge is why so many organizations have been interested in targeting their DR plans to the cloud, such as AWS or Azure. It allows easier mobility into subsequent environments should a business lose its existing environments for long periods of time.
Building a Process for Evolution into Your Strategy
Cyber threats won’t be going away anytime soon. As resiliency strategies among businesses get better, so too will cybercriminals evolve in their tactics to make a profit. Building a process for continuous iteration into your DR strategy will go a long way in setting a business on good footing for the future. If this is something businesses don’t have time for, or capacity to include, a common solution is to offload these responsibilities to a trusted third-party expert.