Breached! Now, Every Second Matters …

Share this post:

Tik, tok, tik, tok…time is of great essence in a security breach.

The problem is that many companies are often in disarray when there is a breach. The root cause lies in our perception gap. We have mostly focused our attention at detecting, isolating, preventing, and learning from previous attacks. But when it comes to recovery, not so much.

Attackers are also getting equally good at evading, misdirecting and intruding, while working as syndicates. Motivations have shifted to zeroing in on personal data and corrupting backup data, making ‘quick recovery’ a challenge. Companies are becoming more vulnerable to third-party risks through tighter integration, IoT, reliance on real-time data and subscription to cloud services. Regulators are also demanding sheltered or clean harbor clauses, more frequent disaster recovery tests, and hefty fines for non-compliance.

The longer the breach, the greater adverse the business impact and the need for rapid recovery.

So, when a cyber breach occurs, companies that are unprepared for rapid recovery are essentially gambling with their business reputation and future viability.

Obviously, things need to change.

Think Holistically, Not Look for Band-Aid

What happens during a breach? Take this scenario for example.

The CISO follows the required steps to mitigate the risks, in collaboration with other teams. This will include alerting the appropriate authorities, taking preventive measures, isolating the breach, and analyzing the threat patterns. The IT and disaster recovery team will also look to either failover from production to a disaster recovery system or access backup data.

The reality is more complicated.

Like the video suggests, sophisticated malware can be devious and, in some cases, corrupt backup. So, you may be unknowingly doing more damage when you recover from corrupted copies. Knowing which are clean becomes critical in a breach when every second counts.

Time ticks faster during a cyber breach. Some malware is designed to propagate swiftly and infect laterally, corrupting multiple systems within seconds. In today’s integrated infrastructure, the breach may even pose a growing threat to your customer and partner systems. So, stopping an attack should not be the only concern; recovering from one quickly to keep customer and partner systems from going down is as essential.

In such scenarios, a backup system only provides half the answer. Instead, companies need to take a step back and look at their entire approach to handling a cyber breach holistically. We call it cyber resilience.

The 2019 Cost Of Data Breach report by the Ponemon Institute shows that data breaches originating from a malicious cyber-attack were not only the most common of the breaches, but also the most expensive. What’s more, the average number of days an organization needed to contain a cyber attack may take over two months or 84 days. Hackers are also spending an average of 230 days inside an organization before being discovered.¹

A cyber resilience approach aims to address these issues and more from a holistic point of view. At IBM, we also see cyber resilience as about simplification, scalability and speed. Our purpose-built IBM Resiliency Orchestration with Cyber Incident Recovery simplifies testing without impacting the production environment; reduces the time for detecting data corruption and enabling faster response time; uses efficient point-in-time recovery to keep recovery point objectives (RPO) optimized; scales to handle large, site-level detection and recovery in minutes; improves visibility and reporting for addressing changing regulatory requirements.

To achieve these, the solution relies on a modern cyber resilience architecture. It features immutable storage based on write-once-read-many (WORM), air-gapped protection for isolating backup and production environment, configuration data verification, and automating the end-to-end manual recovery processes for data, applications, and all infrastructure components at a click of a button. Resiliency Orchestration helps speed solution implementation by leveraging an extensive library of more than 600 predefined patterns that can be combined to build intelligent recovery workflows for enterprise applications that span multiple technologies, including hybrid, multi-vendor, physical and virtual environments.

The dashboard and reporting capabilities keep both the management and working teams informed of their real-time DR posture and recovery capabilities. These capabilities enable organizations to meet the required RPOs and RTOs (SLAs), and meet the objective of continuous business operations.

Changing the CIO-CISO Conversation

IBM Resiliency Orchestration with Cyber Incident Recovery gives an additional step that often gets overlooked. That is getting CIO and CISO to collaborate.

CISOs traditionally focus on improving cybersecurity and mitigating cyber risks; CIOs are responsible for the overall IT architecture, mitigating disaster recovery risks and how IT is aligned with the company’s goals.

The IBM Resiliency Orchestration with Cyber Incident Recovery is designed with both roles in mind. It combines all the security responsibilities of a CISO with the IT objectives of the CIO. It also offers reports and numbers that both can use to create the right cyber resilience plan for their organization.

When, not if, a cyber breach occurs, the company will be ready.

For more information about IBM Cyber Resilience Services, please go to here. 

Source:

1 – ‘2019 Cost of a Data Breach Report – research sponsored by IBM, independently conducted by Ponemon Institute LLC, July 2019