In these turbulent times, it’s not a matter of if you’ll get breached by a cyber attack, it’s a matter of when. Preparing your response is an essential part of data protection. On April 28, 2022, R2i hosted a webinar with Chris Vollmar, an IBM Canada Storage Data Resiliency architect, on the importance and best practices of cyber resiliency and data recovery. As cloud and data experts, we at R2i prioritize security for all our clients. We’re happy to be able to share this vital information with you.
Watch the webinar or read on for a summary.
Paying ransomware demands may no longer be viable
SolarWinds. Colonial Pipeline. Accenture. Sunquest. Ransomware attacks frequently make headlines as the IT community continues to discuss and respond to evolving threats.
According to the IBM 2022 threat report, ransomware attacks were the most frequent type of cyber attack observed in 2021. And because many organizations do not publicize their breaches, they may be even more frequent than realized.
In the past, organizations may have prepared for ransomware attacks by setting aside money to pay a potential ransom. But that solution is becoming less viable for three reasons.
1. Rising Cost
The average ransomware attack now demands $5.2 million USD. Depending on the organization’s budget and the ransom demanded, paying the ransom may significantly impact the organization’s financial health. And for many organizations, it’s not possible to keep that amount of money aside.
On top of that, cyber insurance premiums are rising dramatically, while the requirements to qualify become stricter.
2. Destroyed Data
Despite the increasingly steep cost, 83% of ransomware victims pay their attackers. But recently, even victims who pay may not get all their data back.
In the past, most ransomware attacks have been commercial grade. Cyber defenses are built to counter those attacks. But recently, and especially in the last few months, the rate of military grade attacks has been accelerating.
Military grade attacks, also known as wiperware, are not designed to extort money. Their goal is to destroy data. While they may mimic commercial grade ransomware, and even ask for money to get your data back, the data is often gone.
The SolarWinds and Colonial Pipeline hacks are both examples of military grade cyber attacks defeating best-in-class and zero trust defenses.
Even worse for some organizations, military grade attacks may not be covered by insurance because they qualify as an “act of war”.
3. Unexpected Side Effects
In addition to rising insurance premiums and higher ransom costs, paying out after a ransomware or wiperware attack has wider financial impacts.
Organizations recovering from a ransomware attack may find themselves facing higher borrowing costs, brand damage, customer notification costs, and even lawsuits if customer information was leaked.
Cyber resilience is more than cybersecurity or business continuity
Cybersecurity is reactive, and countermeasures are becoming harder to implement as the level of attack escalates. Spillover of attacks into business partners and even a global set of industries is becoming more frequent. And paying a ransom may not be effective.
In this threat landscape, how can an organization protect its data?
The solution is cyber resilience.
Cyber resilience differs from cybersecurity and business continuity plans. Cybersecurity focuses on protecting systems by keeping threat actors out and catching them when they sneak through. While it remains essential, cybersecurity practices are not enough in a world where we know most organizations will eventually face a threat their cybersecurity isn’t prepared for.
Business continuity or disaster recovery plans, on the other hand, are traditionally built to protect from physical infrastructure outages. Business continuity plans may rely on rolling to a secondary site if a primary site goes down, but in the case of a cyber attack, the secondary site will likely already be corrupted as well. Business continuity backups also are not usually designed to execute a mass restore efficiently.
Cyber resilience overlaps with both cybersecurity and business continuity, but there’s more to it. Cyber resilience comprises the processes, procedures, and tooling involved in recovering from an attack. Its objective is to bring the recovery point forward so that recovery takes hours instead of days, or days instead of weeks.
How to build cyber resilience
One option to create cyber resilience is IBM Cyber Vault.
IBM Cyber Vault is built on top of IBM SafeGuarded copies. To use it, an organization’s system makes and stores several immutable SafeGuarded copies throughout the day. When an attack occurs, the organization checks the copies, moving backwards in time until they find a clean version of the data.
In addition to providing more points in time than a traditional backup, SafeGuarded copies save time during recovery by being more easily traversable than a backup network and by allowing testing and restoration to happen all on one system.
Cyber Vault surrounds the SafeGuarded copies, and provides monitoring and detection tools as well as a place to recover and test copies. The implementation is flexible to meet any organization’s needs.
The process to build cyber resiliency may look like:
- Set up SafeGuarded copies, either in the production facility or a DR facility.
- Build a Cyber Vault with testing space and tools.
- Develop a testing process and practice it.
- Automate as much as possible.
Automation can save an organization even more time after an attack by pre-validating copies. If the system checks a few copies every day and verifies that they’re clean, then after an attack the organization can roll back to production with a pre-validated copy immediately.
SafeGuarded copies are ideal for the hottest, most transactional data at your organization. IBM recommends using SafeGuarded copies to protect the data required for your “minimum viable company”.
Where should I start?
An ideal place to start building cyber resiliency is with the IBM Cyber Resiliency Assessment Tool (CRAT).
The CRAT is a free, brand agnostic assessment built on the NIST cybersecurity framework. Through a two-hour initial discussion followed by a comprehensive report, IBM experts help you choose priorities and orient your cyber resiliency conversation.
Once your cyber resilience processes are in place, your organization will be able to recover from any attack calmly. The end goal is to make the recovery from a cyber attack just another day in your IT team’s world.