Find out how effective and necessary it is for organizations to develop isolated recovery response to fight cyber attacks.
In this Transformative Age, every business is now digital. That makes all businesses vulnerable to cyber attacks. Despite aggressive investment in cybersecurity defense and threat detection, all organizations must assume that the worst could happen. There have been too many well-known and worldwide cyber attacks to assume otherwise.
Cyber attacks – ransomware, data manipulation, data wiping and infrastructure destruction – are on the rise, and they can leave businesses paralyzed, unable to access information systems to conduct business. Several prominent organizations, while equipped with state-of-the-art cyber protection technologies, have found themselves attacked and in severe data loss situations, requiring months of recovery. In multiple instances, these attacks self-propagated within minutes, incapacitating not just the production environment but also the disaster recovery environment.
Disaster recovery and incident response protocol can address many attack situations. However, in extreme data destruction incidents, these responses may not work. To protect themselves, organizations must be armed with an isolated recovery response to extreme destructive incidents. This is a last line of defense, used only when all other means of recovery, such as data backups, regeneration and disaster recovery, have been rendered incapable and unusable for recovery. Causes include corruption and time delay between infection and activation.
An isolated recovery response requires preparation from technology and business governance perspectives. There must be technology architecture that ensures there is clean data to restore, under any cisrcumstances. The idea is simple: secure point-in-time copies of vital enterprise data are kept in a vaulted environment. The vaulted environment is typically isolated from the main production network. The vault is connected to the production environment on a periodic basis, through restricted connections to make point-in-time copies of enterprise data. During a recovery, these solutions only allow access to protected data through a physical presence in the vault, thus protecting the vault from any malicious code that may be spreading throughout the network.
EY and Dell EMC collaborated on the development of the isolated recovery solution. It combines cyber, business impact analysis, resiliency services and technology capabilities from both Dell EMC and EY to secure vital company data. Through our strategic alliance, we help organizations build the technology architecture and playbooks to recover operations in cases of extreme cyber attacks.
From a governance perspective, the solution must address the incident response and recovery procedures for a recovery operation that is vastly different from any that the organization is typically prepared to execute. This involves:
Working with the business to understand what data is critical to recover
Involving business continuity and disaster recovery teams to plan how to recover the environment
Integrating with security teams on incident response and cleanup
Working with crisis management on how to manage internal and external stakeholder communications throughout the recovery period
Join the conversation