Reports of enterprises falling victim to ransomware and other cybersecurity attacks appear almost daily. Cybersecurity attacks result in disruption to business, potential data corruption, and, most destructively, reputational loss (a loss that is almost incalculable).
Neuralytix observes that most enterprises understand the impact of a cyberattack. We believe that boardrooms have directed public relations/marketing, crisis management and financial leaders to prepare how to deal with the aftermath of such an attack. Technology and security leaders have also been ordered to prevent cyberattacks and put in place measures to recover from an attack.
However, the adage that “you don’t know what you don’t know” clearly applies when it comes to cyberattacks. Most cyberattacks exploit weak, non-existent, or erroneous security measures.
Apart from the impact of cyberattacks on an enterprise, there is the question of how to recover from them. The immediate response under “normal” conditions, where there is a hardware failure, software bug, or even a major disaster, is to restore to a point-in-time prior to the fault or disaster.
Traditional approaches of developing, testing, and performing regular rehearsals of recovery are costly in terms of financial and human resource investments. They require the replication of hardware and software infrastructures as well as applications to simulate accurately permutations and combinations of predictable scenarios of cyberattacks or other disasters. They require either expanding the technology team (typically an unsavory approach from a financial perspective) or straining the resources of the existing technology team (typically an unsavory approach from a technology perspective).
While not eliminating the costs, the public cloud has significantly reduced the cost of cyberattack simulations by allowing enterprises to perform such simulations online, ephemerally, and dynamically.
Neuralytix notes that for any cyberattack, a specific point-in-time cannot be defined. Therefore, it raises some significant questions for consideration. Some of these questions include:
- Where and when did the cyberattack take place?
- What data is affected (is it all the data, some of the data, is it enterprise-wide or app specific)?
- How much of an enterprise’s data is affected?
- Is there any dormant malware within the data?
Traditional backup and recovery software does not take into consideration the complexities and dynamics of cyberattacks. Traditional backup software can only recover data from a given point-in-time.
However, with cyberattacks, if an enterprise picks a restore point that is, in fact, after the initial attack, then there is a possibility that dormant malware will cause a secondary or repeat attack on the restored data, making the restoration ineffectual, and in the worst case, may result in the same consequences listed above all over again.
On the other hand, if an enterprise chooses a restore point that is too far in advance of a cyberattack, too many transactions and too much data may be lost.
Even if an enterprise has the technology to roll back transactions or storage systems that take snapshots of data, the same problem of finding the appropriate restore point exists.
To find the appropriate restore point, a forensic analysis of the origins and propagation of the breach is required. This will typically require restoring data from multiple points-in-time to an air-gapped infrastructure and testing each restore to find the right restore point. This process can take from hours to days; all the while business must continue with potentially compromised data.
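The restore-point search described above, sketched as an added example (not from the original article): it goes beyond the text by bisecting the time-ordered snapshots, so that fewer isolated restores need testing, and it reports the resulting data-loss window. The snapshot manifests, paths, indicator digest, and function names are constructed for illustration, and the search assumes that once malware lands it is present in every later snapshot.

```python
from datetime import datetime, timedelta

# Constructed indicator of compromise (placeholder, not a real hash).
KNOWN_BAD = {"constructed-dropper-digest"}

def build_sample_snapshots():
    """Constructed data: 8 daily snapshots; a dormant dropper is present from day 5."""
    start = datetime(2024, 1, 1)
    snaps = []
    for day in range(8):
        manifest = {"/srv/app/app.bin": "digest-app",
                    "/srv/data/db.dat": f"digest-db-{day}"}
        if day >= 5:
            manifest["/srv/app/.cache/upd.bin"] = "constructed-dropper-digest"
        snaps.append((start + timedelta(days=day), manifest))
    return snaps

def is_clean(manifest, known_bad=KNOWN_BAD):
    """Stand-in for testing one isolated restore: no file digest matches an indicator."""
    return known_bad.isdisjoint(manifest.values())

def latest_clean_restore_point(snapshots, test=is_clean):
    """Bisect time-ordered (timestamp, manifest) pairs for the newest clean snapshot.

    Assumption: infection is monotonic (clean snapshots precede infected ones).
    Returns (index or None if every snapshot is infected, restores tested).
    """
    lo, hi, best, tested = 0, len(snapshots) - 1, None, 0
    while lo <= hi:
        mid = (lo + hi) // 2
        tested += 1
        if test(snapshots[mid][1]):
            best, lo = mid, mid + 1   # clean: a later clean snapshot may exist
        else:
            hi = mid - 1              # infected: compromise is at or before mid
    return best, tested

def data_loss_window(snapshots, index, incident_time):
    """Span of transactions lost by restoring to snapshots[index]."""
    return incident_time - snapshots[index][0]

if __name__ == "__main__":
    snaps = build_sample_snapshots()
    idx, tested = latest_clean_restore_point(snaps)
    lost = data_loss_window(snaps, idx, datetime(2024, 1, 8, 12))
    print(f"restore to {snaps[idx][0]:%Y-%m-%d} after {tested} test restores; loses {lost}")
```

If the malware can remove itself or no reliable indicator exists yet, the monotonic assumption fails and every candidate snapshot has to be tested in order instead.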
Neuralytix recommends that enterprises take advantage of artificial intelligence (AI). AI can help to create simulations that previously were not considered. It can also be used to forecast the impact cyberattacks may have from a technology perspective. Equally, AI can be used to understand the most appropriate restore point for any given cyberattack scenario.
Enterprises must complement traditional backup and recovery software with software that provides cyber resilience. Ideally, software that can do both. Offline backup and recovery are still an essential best practice for every enterprise.
We live in a world in which our computing and data environments are dynamic, interdependent, hybrid (on-premises and cloud), regulated, and highly exposed. IT leaders must do everything they can to be proactive and not reactive (although this is unrealistic as bad actors are, regrettably, almost always one step ahead).
Neuralytix advises enterprises that the protection of data in use and at rest, the preservation of data over time, and actively prolonging its value are not mutually exclusive. We advise enterprises to consider data management, data protection, data security, data resilience, and data governance inclusively and holistically to minimize the impact on business continuity resulting from unforeseen external (or internal) breaches.