The Backup Plan
As we look towards 2023, and we start to think about how best to plan our new cyber strategies for the New Year, it is always great to start looking at trends in the market. Understanding the cybersecurity industry and the many, many trends isn’t always straightforward, as cyber criminals are ever-evolving and (unfortunately) here to stay.
One thing that may well be certain however, is the constant threat from ransomware. This mechanism for gaining access to organisational data has always stood at the forefront of any strong cyber strategy and, albeit a dilatory weapon for hackers, preventative measures aren’t always enough.
With that said, planning for attack is a very safe strategy to engage and organisational continuity is looking like a great new focus point for the industry as we head into 2023. If organisations can be prepared for the worst, they too can plan for a swift and smooth recovery. Having a back-up plan isn’t as simple as data loss recovery for most, understanding the damage at a deeper level can ensure the best possible outcome.
If a breach has occurred, focus first must lie with understanding the compromise itself. Establishing the initial impact point of the data breach can be a lengthy process and time should be taken to enforce best practice for the future. As there are many elements to consider when looking at a data breach, our Technical Director, Mark Lambourne has broken it down with some key questions that security leaders should ask;
“What do the hackers know, what data have they gained access to and how did the breach occur?”
An organisational back-up plan or contingency plan must then lead onto “isolating the incident with initial responses to ensure no further data loss can occur”, says Mark. “We must then consider informing ICO (Information Commissioner’s Office) of the data breach, especially if the breach contained sensitive or PII data covered under GDPR.”
A solid ‘plan B’, should also include an element of investigation – this will then allow your organisation to identify the full extent of the data breach. Mark suggests asking “what other data could have been breached and what is the extended impact to the organisation or to customers?”.
One crucial aspect that has changed is how businesses implement a backup and disaster recovery strategy. Mark says; “The initial concern was to recover from data loss due to availability issues, however Threat Actors have started targeting backup solutions to increase the profitability of ransomware attacks. Backup strategies must adapt so that they cannot be impacted by these types of attacks and backup sources must be off-domain and use separate credentials or token based access. Another easy way to mitigate the risk is to utilise cloud backup with immutable storage.”
Organisational continuity plans can manifest year-on-year, incorporating lessons that have been learned from past data breaches and implementing new strategies to overcome or prevent any further data breaches which occurred using a certain method of entry – this is the ever-changing nature of the beast.
Better long-term planning or future proofing for such attacks will only keep your organisation more cyber resilient. Without such plans in place, downtime could lead to huge losses in operations and performance due to recovery time and system outages.
What’s your back-up plan looking like?
If you need to report a data breach, please follow the link below to the ICO website.