IT directors are no strangers to the constant struggle against cyber threats. But in the unending quest to shield systems from attack, many neglect the critical question of what happens when those shields fail.
Having stood shoulder to shoulder with countless customers and partners in the aftermath of cyber assaults, I've come to realize a sobering reality: while we pour our resources into prevention, we often leave ourselves vulnerable on the day after.
Allow me to share some insights from decades in this field.
Data backup has traditionally been judged on efficiency metrics, but the speed of recovery must be considered too. Have we thoroughly evaluated how quickly our backup systems can restore data during a crisis? It's essential to shift the focus to speed of restoration, particularly in cloud environments, where download speeds play a crucial role in determining recovery timelines.
The 3-2-1 Rule has been our guiding light in IT data security for years. For those unaware, the 3-2-1 rule is an IT best practice for data backup and disaster recovery. It emphasizes having multiple copies of your data in different locations to ensure its safety and availability: three (3) copies kept on two (2) types of storage media, with at least one (1) housed off-site.
It's time to fortify this rule by introducing the concept of immutability. Many vendors offer immutable storage as an add-on when it should be a standard offering. But beware of false promises: not all immutability is created equal, and the term shouldn’t be treated as a catch-all. Dive deep, scrutinize, and be sure you understand how the storage is immutable.
We've all grown accustomed to the comfort of digital documentation. But what happens when digital fails us? Invest in printed run books and disaster recovery plans, ensuring accessibility in the face of digital compromise. During a cyberattack, concrete plans serve as our reliable guides, devoid of emotion.
Imagine recovering your uncompromised backup, only to find nowhere to restore it because your insurance company has engaged its forensics team to find out what happened, and they’ve embargoed your primary storage site until the investigation is complete. Embargoed storage — a grim reality post-attack — halts recovery efforts in their tracks. Anticipate this scenario and explore alternative restoration strategies.
In the maze of virtual machines and hybrid clouds, we often hit a dead-end as our assets elude us. But during the recovery period, clarity becomes key. Take stock of your digital and physical assets before anything happens, ensuring a smooth restoration journey devoid of delays and complications. In short, you’ll find the end of the maze in no time flat.
Make clear communication your North Star amidst the chaos of a worst-case scenario. Craft comprehensive incident response plans that answer important questions, like:
1. How will you communicate with staff?
2. How will you pay staff?
3. Do you have access to your building’s automated systems?
4. Can you access rooms or control the furnace/AC at remote sites?
5. How will you communicate with vendors and clients?
6. How will you invoice customers?
It’s far better to have more answers than you need than too few. Not having the answers in a crisis leads to reactive responses with little foresight. Not a good combination.
As dawn breaks on the day after, take proactive steps to fortify your defenses:
Test, assess, and understand the NIST framework.
Embrace defense-in-depth strategies, integrating multiple backup tools.
Explore physical air-gapped backups and alternative restoration solutions.
Ensure your key applications align with your backup tools, leaving no room for uncertainty.
The aftermath of a cyberattack need not be framed as a narrative of failure, but rather an account highlighting the value of readiness. Equipped with foresight and proactive strategies, we can confidently confront the uncertainties ahead. And with a strong Technology Ally like Compugen by your side, we can plan with purpose and skillfully maneuver through the complexities of cyber recovery.