​Cyber crime is going nuclear – here’s what your business can do about it

By Chris Gondek, principal architect, Commvault

Today’s cyber security landscape is evolving fast with threats becoming more complex, more organised, and more effective. In recent years, we’ve witnessed single-actor “nuisance” attacks transform into organised crime rings. And these crime rings have diverse motives and backgrounds, for example nation state-sponsored groups acting for political gain, financially-motivated organisations (complete with hacker tech support!) holding others to ransom, and even bands of hacktivists seeking to threaten the status quo through anarchy 

For individuals and businesses alike, cyber crime has gone nuclear. There’s no escaping it. Attackers have access to a comprehensive arsenal of cyber weapons from third parties, purchased through mercenary groups, or developed internally. 

While security vendors are making every effort to prevent these weapons from ever reaching their targets, businesses must always be prepared should a disaster strike. It’s already happening; according to the Notifiable Data Breaches Quarterly Statistics Report, between 1 April and 30 June 2018, Australian organisations reported 242 data breaches. What’s more, 59 per cent of these breaches were a result of a malicious or criminal attack. It goes without saying that when these bombs eventually drop, organisations need to know they have a metaphorical bunker that will keep them and their data safe.

The need for a cyber-bunker

Although it seems like common sense to have a backup plan – a safe room where data can be hidden away in the event that defences are breached and everything is at risk – many organisations lack this basic protocol. 

For many years, the challenge facing organisations was that once an attacker gained access to a system they could lock out IT teams and destroy not only all production data, but the backups as well. Businesses could be utterly destroyed by such attacks, with no access to their intellectual property (IP) and no way of regaining it. Needless to say, it didn’t take long for organisations to have offsite backup plans in place.

What is surprising is the number of business who are underestimating the value of their data, forgetting to put it at the core of their business and security strategies. Here’s how to build a modern, accessible cyber-bunker to stand up against any of today’s cyber threats.

  1. Limit the impact of an attack. Applying multiple layers of redundancy, resiliency, isolation and segregation across an environment is a sure way to limit the surface area of an attack – making sure that an organisation has the capacity to survive attacks. 
  2. Know your data. Getting business data to a safe place at the right time is critical to the safeguarding of any organisation. The environment in which data lives, as well as where backups are located can vary, but it’s vital that organisations know what their data is, and where it is stored - from cloud, to on-premises, or even on old-fashioned-but-reliable tape. 
  3. Make your data portable. Without the agility to move data to where it is needed, potentially even at a moment’s notice, it’s useless. Portability opens up recovery options beyond a single location, and from multiple sources, ensuring that no matter where an attack is coming from, there’s always a safe haven. 
  4. Make recoverability a priority. When the dust settles after an attack, recovery is key and not just physically. It should not take months or years to get a business up and running after experiencing attack. A well-prepared back up, coupled with the speed and agility that data portability offers, ensures that even in the face of a major disaster, data can be recovered and life can go on.  
  5. Plan ahead. Disaster recovery planning should not be overlooked. Whether internally or with a trusted outsourced partner, plans must be thorough and realistic. Incorporating high levels of automated testing to periodically and comprehensively simulate all scenarios that fall within the business’ risk profile is a sure way to understand how ready a business is for an attack and the disaster that often follows.

Recent events have shown us that not only does history repeat itself, but there will always be casualties of war, especially as weapons become more devastating. The one thing that has remained consistent regardless of how attacks evolve, is how to recover from them. The answer to that has always been to be prepared. After all, there’s no such thing as being too prepared.