Why recovery is the best bet in a world full of breaches

Picture the scene—a business could place the utmost trust in each and every one of its employees. They would never make mistakes, they would always be loyal, and always keep the sensitivities of vital corporate data front of mind. Imagine too, that this business had an impregnable, overarching security solution that rendered it invulnerable to an attack or a data breach. Sound too good to be true? That’s because it is.

Make no mistake, there is no organisation without an entry point for wrongdoers, and no organisation which can ensure its staff never slip up. At some point, every company will have an incident, at least at the endpoint. What’s more telling is that, according to Code42’s recent CTRL-Z study, 34 per cent of enterprises in the UK, US and Germany are expecting to be hit by a data breach that will go public in the next 12 months. A frightening figure, but under current post-WannaCry and GoldenEye/NotPetya circumstances, not all that surprising.

For those businesses that believe a breach will likely happen, the most important question becomes: how do they recover quickly and mitigate any lasting damage? Say an organisation is hit with ransomware which spreads and encrypts some sensitive information. Since simply jumping in your time machine and travelling back a few minutes isn’t an option, you are left in a terrible mess. What’s worse is that, depending on the severity and complexity of the attack, decrypting the information often isn’t an option, and even if it is possible, it is often extremely time consuming and costly.

Nonetheless, there are ways to avoid such a scenario—if you know what to look for, and you have the right tools in place (a time machine of sorts)...

A difference of opinion

It is said that you can learn from your mistakes. This might be true when it comes to personal or professional development, but in the world of business, mistakes in regard to data protection mean a direct loss of time, which scuppers continuity, and therefore profit. Sure, you may come through the other side wiser—but your pockets are likely to be significantly lighter.   

When taking the first steps towards a successful data remediation and recovery plan, it is important to recognise the multitude of different forces at play within enterprises themselves. As evidenced again by Code42’s CTRL-Z study, there is a continuing difference of opinion between business decision makers (BDMs) and IT decision makers (ITDMs) when it comes to the best way to secure sensitive corporate information. Each group understandably also has its own priorities and areas of expertise—some of which do not align with one another.

According to the study, there is a marked difference between where BDMs perceive investment in information security to be and where the money actually gets spent. As an example, BDMs believe that their IT teams/departments invest most in datacentre security (54 per cent), antivirus (53 per cent) and backup (40 per cent). But in actuality, ITDMs reveal they spend the majority of their budgets on data loss prevention tools, security analytics platforms and endpoint backup.

These differing points of view cause gaps in understanding among key stakeholders, and also open up the enterprise to risks. Executives and the board may assume something is protected because they perceive the budget to be spent in a certain way, when in reality, it may not be. Communication is key here to avoid this misunderstanding and to close down risk. Stakeholders must come together to discuss what is protected, where it is protected and why it is of importance—even at a grassroots level, it is important for everyone to understand why information security budgets are spent as they are.

Keep an eye on your blind spots

Additional misunderstanding can be fostered by not being privy to how information flows throughout an organisation. It is vital for business decision makers not only to have an understanding of what security measures are in effect, but also to ensure that their staff, and they themselves, are following the correct procedures with regard to the handling and storage of sensitive data.

As the Code42 CTRL-Z study shows once more, not a lot of business decision makers are following this practice, as 64 per cent of them are not sharing where they store important corporate data with their IT security teams. In addition, these IT teams admit that they cannot always track data across the enterprise. A lack of visibility such as this, and a lack of information sharing, can be incredibly dangerous in the event of a breach—leading to the potential permanent loss of critical data and information.

And when the worst happens and a breach does eventually occur, appropriate data recovery procedures need to be in each employee’s mind, regardless of whether they are from a business or IT background.

Backup to move forward faster

CIOs, CISOs and other IT decision makers are under constant pressure to deliver upon multiple security priorities and emerging InfoSec challenges. Therefore, there should be a shared understanding between all members of the executive team about what should be done to mitigate damage caused by cyber attacks or internal incidents.

As the workforce continues to become more geographically distributed, and employees take advantage of home working and fragmented working practices, the time of corporate information being safely stored in the datacentre is a distant memory. Successfully securing the enterprise today is a continuous operation of guarding against the evolving business and IT environment, something which requires continuous monitoring.

Preventative security tools such as antivirus and firewalls still work alright as a first line of defence, but they are no longer effective as a stand-alone measure. That is why enterprise security must be multi-layered, with resilience built into every element to ensure data protection. Focusing on prevention, but more so on recovery, is the only way the enterprise will be able to bounce back from threats that manifest. Best-in-class solutions will recover within a matter of minutes, not hours.

It is easy to let complacency take over. Each resiliency layer in the stack should be assessed not only for its ROI, but also for ease of use, cycle time, and scalable real-time recovery needs.

Rick Orloff, Chief Security Officer at Code42