Story image

Damage control: Are your computer systems ready to recover?

11 Jan 2018

Article by Splunk A/NZ area vice president Simon Eid.

Australian organisations could face massive disruptions in the wake of a computer shutdown or cyber attack because IT recovery systems aren’t up to scratch.

This is the latest message coming from Victoria’s auditor-general Andrew Greaves, after a recent audit of the state’s government agencies found that 41% of computer systems lacked disaster recovery plans.

This is just one example of the risks you face without sufficient processes to identify and recover systems. Businesses should take the findings from Victoria’s audit as a lesson to review their own IT disaster recovery plans. However, the most significant challenge for IT operations lies in getting staff to recognise, prioritise and act on disaster recovery. Here’s the smart way to handle it.

Be prepared

The Victorian auditor general's report recommends a disaster recovery group be set up to provide technical support and advice in the wake of an IT disaster.

While this is a good idea, an assigned individual within an organisation needs to be accountable for building and implementing the plan when disaster strikes. Cyber attacks are becoming more frequent and more sophisticated.

At the same time, it’s taking companies longer to realise the severity of a breach. Findings from FireEye M-Trends Report 2016 show the average number of days to detection is 146, and that 53% of attacks are detected externally, on average at 320 days.

The Yahoo hack is a good example. In 2016, Yahoo announced that more than a billion accounts had likely been affected by a hack which occurred during 2013.

In October last year, Yahoo claimed new intelligence which revealed that more than three billion accounts had been affected – that’s every single Yahoo user’s account.  

Back up for good

As indicated by the Yahoo example, businesses get interrupted and fail if they don’t have sufficient backups. We’ve seen a number of recent ransomware attacks where virtualised backups have also been destroyed.

Look no further than NotPetya which took down Cadbury’s chocolate factory in Hobart, Tasmania, as well as law firm DLA Piper Ltd.

The same attack cost Maersk, the world’s largest container ship and supply vessel operator, up to $300m in lost revenue because the company didn’t have backups in place.

The risk is real, but so too is the opportunity to detect ransomware in your network and mitigate risk. You need visibility into the validity of backups.

Enterprise backup solutions create detailed logs of all their activity, monitor the file output from these tools, and leverage the information in alerts and dashboards to confirm that critical systems are being backed up.

Attack capabilities have evolved beyond traditional detection boundaries. The major data breaches of 2017 are providing fertile grounds for new waves of ransomware and phishing, as attack vectors will continue to shift across the technology stack.

If you ask yourself now – How prepared is my organisation? How much visibility do we have of a potential IT disaster? – you’re already one step closer to recovering your systems from the disruptions of tomorrow.

ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
Infoblox appoints channels head for A/NZ
Kenneth Cartwright’s appointment extends Infoblox’s position in secure cloud-managed network services throughout the region.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.