Election fever. Preparing for the ‘day after’

(Image credit: Shutterstock/Carlos Amarillo)

The newspapers are awash with discussions about elections – from the recent UK local elections to the European ones, through to battles for party leadership and now even a possible general election.

There are many internal and external factors that can affect the results, including threats to the computer systems that support elections, which could change the results and irreversibly affect the fate of all of us. History teaches us that cyber threats to election campaigns have happened in the past, but what can be done to defend the democratic process from them? What about comprehensive and in-depth planning for a negative ‘day after’ scenario in which hackers have theoretically succeeded in disrupting democracy?

Lessons can obviously be learned from the business world, in all its guises. The number and variety of high-profile data breaches in 2018 made two things very clear: the first was that the nature of cyberattacks is changing, and the second was that attitudes to data privacy and protection needed a fundamental overhaul. Yet data breaches are still happening, and in all kinds of ways. A more robust approach to data management is now needed.

The value of Real Time Recovery

The government’s ability to counter or address any manipulation of election results in order to protect the will of the people bears some similarity to the issues and processes that a business would have to consider if attacked, when its ability to serve its customers is put at risk. Irreversible damage can be caused to reputation and resilience. In both cases, an effective recovery plan must be enacted so that the organisation can quickly resume ‘business as usual’ and provide its customers, whether citizens or business customers, with the service they expect and deserve, in a reliable and transparent manner.

In this respect, traditional approaches to disaster recovery (DR) need to evolve to support real-time recovery without adding more layers of infrastructure. In order to respond fast to customers, counter the competition and understand market dynamics, companies will need to match their reliance on data with their ability to access, recover and analyse it. How and where data is stored and distributed has a direct impact on the ability of any digital business to be truly agile.

The ‘Always On’ data infrastructure enables businesses to operate non-stop. Instead of specifying additional and expensive point solutions (HA Gateways) with dedicated management tools and monitoring requirements, it enables companies to remove IT complexities that could hinder both operations and automation processes. Instead of increasing the total cost of ownership (TCO), it makes it more financially viable to protect more applications, which is another significant benefit.

The two key pillars

Preparations for the ‘day after’ should be founded on two key pillars that enable insights and rapid recovery. The first is a mechanism that clearly defines what information must be collected (throughout the process of holding an election or running a company) and the method of collection itself, so that it can be analysed effectively after an attack. The data collected should include details about who has accessed the system, the source of access, user identification methods etc. The ability to retrospectively investigate how a breach took place is essential.

The answer lies in encryption for many reasons. GDPR regulations state that in the event of a personal data breach, a business is not required to communicate the breach to affected individuals if measures such as encryption have been applied to render the breached data indecipherable. In fact, Article 34 states: “The communication to the data subject … shall not be required if any of the following conditions are met …the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption.”

Encryption must also be applied further up the stack to protect information in all layers, including in transit over the network. The longer the data is in a clear text format, the higher the risk and the more likely it is that mistakes are made. Encrypting data needs to happen as early in the data processing as possible. Generally, encryption renders data unreadable to anyone who does not hold the key. It can occur at many levels throughout the data centre stack, from inside the storage array itself, to network level encryption, to the operating system and the application itself.

When data encryption occurs on the storage platform it leaves the data in plain text (readable) format as it’s moved across the network, as well as in the database and application servers. Application level encryption gives the highest protection level to data. Also, with lower entry costs there are no excuses for not exploring what a difference it can make to your data storage policies and compliance levels overall.

Acting a day after a breach, with the world’s media and your shareholders watching, a business needs to be confident that it has applied encryption policies to all the personal data it holds. End-to-end encryption of data is therefore fast becoming a necessity for businesses, not merely an end goal with no fast delivery date.

The second pillar includes information analysis, investigation and response, during which the tools used in the attack against the organisation are examined and analysed. This is done mainly by security operation centres and cyber experts in order to answer the following critical questions: how and when did the penetration take place? Is there still access to information or remote-control systems? What can be learned from them? What can be done to neutralise their activity? Who is involved and what information has been leaked?

In order to prepare effectively, both pillars are reliant on information and the ability to retrieve it quickly. However, one of the main problems for organisations is that the information collected and investigated is often saved on media that is not readily available, such as cassettes. This storage may be inexpensive, but it makes information difficult to retrieve, which can be costly.

Precise insights at a moment’s notice

For governments charged with running an election campaign, it is inconceivable that the public could be expected to wait for months until the information is retrieved, analysed and the results of the elections are finally revealed. Similarly, in the business sector, a company listed on the stock exchange would need to know immediately if a system has been hacked in order to minimise any instances of economic fraud.

In other words, planning requires organisations to ensure that they have the systems in place that will enable them to produce precise insights and analysis at a moment’s notice. At the same time, it is vital that lessons are learned after any disruption so that organisations can check whether all the necessary information is, in fact, collected and whether it is ready for the next attack.

The key questions to be asked at the end of a post-attack feedback process should include: is there a question that the organisation wanted to ask during the interrogation and could not get an answer to? Could such an attack still be successful today?

Allow for the fastest recovery time

Fortunately, modern storage solutions include mechanisms that enable accurate monitoring of cyber threats and enable the detection of active attacks in the form of ‘snaps’. The challenge for many organisations remains in the ability to manage snapshot volumes, and the requirement for more storage capacity.

If an organisation has a storage solution that provides monitoring and alerts about capacity consumption, the storage team will be able to recognise and respond to this increase quickly and easily. Snaps also allow the fastest recovery, as there is no need to transfer terabytes of information back from backup destinations. This would be good news in an election campaign scenario where the ability to retrieve a large volume of information in the shortest amount of time would be critical.
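The capacity-consumption alerting described above can be sketched as follows. This is an added example, not part of the original article or any vendor's product. The per-snapshot figures, the function name `flag_capacity_spikes` and the thresholds are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample: (snapshot label, GiB consumed by that snapshot's changed data).
SAMPLE = [
    ("snap-01", 41.0), ("snap-02", 38.5), ("snap-03", 44.2),
    ("snap-04", 40.1), ("snap-05", 39.7), ("snap-06", 43.0),
    ("snap-07", 212.4), ("snap-08", 230.9), ("snap-09", 42.3),
]


def flag_capacity_spikes(snapshots, window=5, k=6.0, min_gib=10.0):
    """Flag snapshots whose consumption jumps above a trailing baseline.

    The baseline is the median of the last `window` unflagged snapshots and
    the spread is the median absolute deviation (MAD). Flagged snapshots are
    kept out of the baseline so a sustained spike cannot become the new
    normal. Each alert names the last unflagged snapshot as the candidate
    restore point. All parameters are hypothetical tuning values.
    """
    baseline, alerts, last_clean = [], [], None
    for label, gib in snapshots:
        if len(baseline) < window:
            # Warm-up: not enough history to judge yet.
            baseline.append(gib)
            last_clean = label
            continue
        recent = baseline[-window:]
        med = median(recent)
        mad = median(abs(x - med) for x in recent)
        # min_gib stops a very quiet baseline from alerting on tiny changes.
        threshold = med + max(k * mad, min_gib)
        if gib > threshold:
            alerts.append({
                "snapshot": label,
                "consumed_gib": gib,
                "threshold_gib": round(threshold, 1),
                "restore_candidate": last_clean,
            })
        else:
            baseline.append(gib)
            last_clean = label
    return alerts


if __name__ == "__main__":
    for alert in flag_capacity_spikes(SAMPLE):
        print(alert)
```

On the constructed data, the two oversized snapshots are flagged and both point back to `snap-06` as the last snapshot taken before consumption jumped.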

Organisations of all sizes and modus operandi must comprehensively plan for and deploy mechanisms that support the analysis of critical questions the day after an attack. Advanced storage solutions can deliver the technology required, but it’s worth remembering that a holistic approach to cyber security is also required. Close cooperation between infrastructure personnel, information security personnel and development personnel is key to enabling efficient and economical implementation, and rapid recovery at the same time.

The key to delivering business growth

It seems that in 2019 (and beyond) businesses are learning to evolve and will become increasingly agile as they interact with customers through digital channels. Their reliance on data availability, in real time, will also increase. Using technology to help compete more efficiently and not fall victim to inertia is paramount. As businesses become increasingly dependent on the insights from data analytics, and face up to competition fuelled by the 24x7 society of instant gratification, Always On becomes mission-critical.

In parallel, we also expect zero tolerance relating to any kind of data breach that impacts data privacy, and this will make a big difference to business reputation, customer loyalty and retention.

Non-stop data access also contributes greatly to the ability of competitive businesses to move quickly and to adopt or adapt products and services, which is the key to delivering business growth. It should be no surprise then that ‘Always On’ not only has the potential to protect the bottom line, but that it also makes commercial and strategic sense.

Eran Brown, EMEA CTO, Infinidat