“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.”Donald Rumsfeld
With our combined individual experience of over 100 years in the business continuity/disaster recovery field, it has been the case that being prepared to reduce the risk of something happening and having the means to recover if something still does, has been key. In the current climate are businesses covering all the bases to ensure resilience and recovery?
When, not if…
Disaster recovery planning can be a bit like this; planning for the known knowns and the known unknowns – but what about the unknown unknown such as the current pandemic. A pandemic has been a planning scenario but one like this? Planning for the consequences of volcanic disruptions in the UK took a whole new meaning after Eyjafjallajökull eruption. It is still and will always be a case of “When..not if” an interruption is going to hit.
We knew a pandemic was likely to happen, and will likely happen again, but maybe we cannot foresee all the consequences. A clear example of this is the disruption that Covid-19 has brought to our everyday lives (personal, business and community). That has given centre stage back to the elements of physical disaster/business interruption planning. Additionally, though it can heighten other risks, after all interruptions can come in many guises.
A clear example of this in the current crisis is the advent of greater numbers of remote workers and the fact that cyber-attacks increased from 12% malicious email traffic before the UK’s lockdown in March to more than 60% (according to Darktrace) in under six weeks. Not only that but they have increased in sophistication – fake requests to reset VPNs, Zoom videos, spoofing attack.
This environment provides greater opportunity for hackers and changes the way that interruptions must be planned for, but the increasing sophistication of malware and attack methods means constantly reviewing techniques for protecting your IT network alongside traditional disaster recovery solutions.
Let’s look at some of the issues now being faced by businesses in 2020 and explore methods of dealing with them.
Not having the complete picture
Data is the lifeblood for businesses and the foundation for any secure system is to know where your data is created and stored – virtually and physically. Understanding what data is critical and how you are protecting that data is vital.
It is also wise to consider how your disaster recovery procedures are triggered when checking your primary systems and data.
Remote working means that the transportation, synchronisation and sharing of data is taking place outside of the “normal” controlled environment, and important system updates are executed at the behest of the end user. Your security team has to be controlling how all of this is done. If not you are increasing the likelihood of a breach significantly with each passing day.
Sacrificing recoverability for time
It’s understandable that any organisation would seek to recover data in the event of a breach or other interruption as quickly as possible. To do this, many recovery solutions employ snapshot technology, which captures a virtual copy of all your IT data on a regular basis. The theory is that, if the worst occurs, you can shunt data from an earlier time into your IT framework and be up and running again in close to zero time.
However, this is not a true backup. If your system is breached and infected with malware, or files are corrupted, that bad data will have been captured in the snapshot. Upon recovery you will simply be bringing back an unusable state.
To ensure the recovery of clean and usable data, files should be backed up and recovered separately, where each can be scanned for danger and isolated if necessary. Doing so remotely will cost you time, but not your peace of mind.
Many businesses now store everything on the cloud. The benefits are numerous, especially in this time of physical disruption. But this does not negate every danger. Networks can fail and major physical disasters can take out cloud servers. A physical backup of your IT system, entirely under your security team’s control – known as an air gapped backup – is essential. Look beyond the silver lining.
An air gapped backup is not impervious to attack, however. Ransomware can infect your data with a timed delay. It can sit undetected and dormant on your system for weeks a time. When activated, it encrypts your files. Just as the pursuit of zero recovery time objectives through a snapshot and relying on this as a backup introduces risk, so too does banking on regular air gapped backups. This is because any delay built into malware operations means that all of your backups since initial infection contain ransomware – whether that backup is over the cloud or in a separate physical location. Under this scenario, a system restore is useless. You become trapped in an attack loop, as the code repeatedly encrypts your files upon restoration.
The statistics for ransomware are not pretty. The average payment for a decryption key in 2019 was £35,000 – but only 30 per cent of firms who paid even received a key. And on average, those who did receive a key found that 20 per cent of their data remained locked.
Alongside this, there is no guarantee that the ransomware is even deleted upon decryption.
Ensure that all of your data is scanned – file by file – each time it is backed up and even restored. Enhancing user training with ethical phishing, whereby end users are invited to open suspicious looking files and email attachments, imparts valuable lessons.
Email continues to be one of the weaker links in IT systems. With staff now using it as one of their primary ways of interoffice communication, it’s vital to install multi-factor authentication. You must also reiterate the dangers of opening untrusted attachments to your staff. Use this in conjunction with ethical phishing to demonstrate how one opening can leave an entire system vulnerable.
While technology allows for new scams, established ones remain. With workers not sitting within the traditional office structure, many may even become more effective. Fraudsters are still pretending to be suppliers and asking for payment details to be changed. In 2018, UK firms lost almost £93 million to this type of fraud.
As always, clear processes for any changes to supplier details need to be clear, including the adherence to on-file contact details. You may consider reworking staff training to suit remote working, too, reiterating the importance of confirming details with suppliers.
Updating DR plans
Good disaster recovery planning means you are constantly reviewing. It is the proverbial “journey” not a “destination” – because it is one that continues. While all journeys start with a single step, in the case of resilience and recovery those steps continue. Businesses must always be looking for the next step that keeps them moving forward. Looking both at the risks in the rear-view mirror to stay ahead of them and through the windscreen to try to avoid them. Have you thought about the ones round the corner you can’t quite see yet.
Now is the time to implement the tactics and procedures that mitigate these risks, so that you can retain your edge over those who wish to harm your organisation. Data2Vault is here to help you with this. Click here for a call back, or ring us on 0333 340 2380.
After all what do you have lose – other than your data?
Join the discussion and tell us your opinion.
[…] For more on the article join Mark Saville on the related Blog at Data2Vault […]