Have you ever been on the London Underground (or “The Tube” in local parlance)? The platforms are labeled “MIND THE GAP” to warn customers not to fall between the platform and the subway train.
With cyber recovery, you also need to mind the gap!
Cyberthreats are growing in frequency, variety and intensity. The statistics are pretty alarming: 34% of attacks in 2020 involved an insider,¹ 82% of employers report a shortage in cybersecurity skills and 67% of customers are not confident in the ability to recover.
With all of these concerns about cyber recovery, what’s a responsible IT leader to do?
Dell Technologies has been working with organizations across all industries, even before the recent exponential increase of ransomware attacks, to guard critical business data from these threats, and we’ve learned some important things.
Mind the Gap Between Traditional Security Defenses and Evolving Cybersecurity Threats
The bad actors behind ransomware attacks sneak around existing IT perimeter defenses, such as firewalls, and embed their malware deep into IT systems and data long before they spring their surprise message indicating your systems and files have been encrypted and demanding ransom.
You’ll need to beef up your technological defenses. You can’t rely on perimeter security alone. Many IT organizations rely on backing up their critical data, but attackers are now targeting backup systems first, as a way to increase their impact and chances of securing a ransom payment. Once the attack is sprung, it’s very challenging to determine in a timely fashion when production systems and backup data were infected — and more challenging to return to business as usual. Paying ransom to the hackers and obtaining decryption keys is a gamble some organizations will take. However, that has not worked out well for some; either the keys did not work, or the process of decryption was too slow.
In our experience, a dedicated cyber recovery vault is required, with the 3 “I’s” of isolation, immutability and intelligence. You need to isolate critical backups from production data to minimize risk of infection. You’ve got to make sure vault data is immutable so that it can’t be changed by malware or by an insider. You’ve got to have intelligence in the vault and leverage modern AI/ML-based behavioral detection techniques to constantly check vault contents for anomalies and changes to files in production which may indicate an ongoing attack. But mind the gap in vendor capabilities: some vendors have been using the term “air-gapped” to describe their solution, but their definition does not address the 3 “I’s.”
Mind the Gap Between Current Backup Operations and Cyber Recovery Operations
Many organizations we work with have a robust operation for their backup environments, but this is often focused very broadly on backing up a majority of data, in case of an operational issue. But that doesn’t mean that everything you’re currently backing up should be protected in a cyber-vault. You need to focus on those things which are most important to restarting business operations. Have you identified the critical data that needs to be isolated and defined a corresponding recovery policy to reflect this?
Similarly, the recovery process from an isolated vault is a bit different from traditional recovery from a backup environment. And of course, you’ll need to make sure you’ve eradicated the infection and cleaned out production before bringing data out of the cyber recovery vault.
Mind the Gap Between Current Readiness and Getting Vault Protection Running
For those who don’t already have a cyber recovery solution deployed, addressing these gaps may sound daunting. And we see customers who know they need to protect their business with a cyber recovery vault, but struggle to get their recovery requirements and their recovery process defined.
We’ve got you covered! At Dell Technologies World, we’re announcing APEX Cyber Recovery Services. You can close your cyber recovery gap with an isolated vault, managed by Dell experts, all available through a convenient as-a-Service subscription. With the experience gained from deploying over 1,900 cyber recovery vaults, we’ve packaged everything you need to quickly get a vault in place to protect your critical data and determine a path to recovery:
- Standard configurations with three common capacities (100-200TB, 150-300TB and 300-600TB)
- Best practice guidance from Dell cyber recovery experts on what goes in the vault
- Ongoing secure vault operations managed by experienced Dell teams
- Simplified recovery level options including a lower-cost option and a more advanced option accommodating additional security checks
- Dell-assisted recovery operations leveraging templated runbooks to predictably return to production
All you need to specify is the recovery service level that best fits your business and the initial vault capacity that you’ll need. And don’t worry if you’re not sure about these things either. Our cyber recovery experts can help. The most important thing is to close your cyber-exposure gap! Gain confidence in your ability to recover from a cyberattack with APEX Cyber Recovery Services.