
Damage control: Are your computer systems ready to recover?

11 Jan 2018

Article by Splunk A/NZ area vice president Simon Eid.

Australian organisations could face massive disruptions in the wake of a computer shutdown or cyber attack because IT recovery systems aren’t up to scratch.

This is the latest message coming from Victoria’s auditor-general Andrew Greaves, after a recent audit of the state’s government agencies found that 41% of computer systems lacked disaster recovery plans.

This is just one example of the risks you face without sufficient processes to identify and recover systems. Businesses should take the findings from Victoria’s audit as a lesson to review their own IT disaster recovery plans. However, the most significant challenge for IT operations lies in getting staff to recognise, prioritise and act on disaster recovery. Here’s the smart way to handle it.

Be prepared

The Victorian auditor-general's report recommends a disaster recovery group be set up to provide technical support and advice in the wake of an IT disaster.

While this is a good idea, an assigned individual within an organisation needs to be accountable for building and implementing the plan when disaster strikes. Cyber attacks are becoming more frequent and more sophisticated.

At the same time, it’s taking companies longer to realise the severity of a breach. Findings from the FireEye M-Trends Report 2016 show the average number of days to detection is 146, and that 53% of attacks are detected externally, on average at 320 days.

The Yahoo hack is a good example. In 2016, Yahoo announced that more than a billion accounts had likely been affected by a hack which occurred during 2013.

In October last year, Yahoo cited new intelligence which revealed that more than three billion accounts had been affected – that’s every single Yahoo user’s account.

Back up for good

As indicated by the Yahoo example, businesses get interrupted and fail if they don’t have sufficient backups. We’ve seen a number of recent ransomware attacks where virtualised backups have also been destroyed.

Look no further than NotPetya, which took down Cadbury’s chocolate factory in Hobart, Tasmania, as well as law firm DLA Piper Ltd.

The same attack cost Maersk, the world’s largest container ship and supply vessel operator, up to $300m in lost revenue because the company didn’t have backups in place.

The risk is real, but so too is the opportunity to detect ransomware in your network and mitigate risk. You need visibility into the validity of backups.

Enterprise backup solutions create detailed logs of all their activity. Monitor the file output from these tools, and leverage the information in alerts and dashboards to confirm that critical systems are being backed up.
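As an added illustration (not part of the original article and not Splunk code), the Python sketch below turns backup job logs into alerts for critical systems that lack a recent, non-empty, successful backup. The key=value log format, the host names and the 26-hour threshold are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample input in a hypothetical key=value backup-job log format.
SAMPLE_LOG = """\
2018-01-08T01:00:12 host=db01 job=nightly status=success bytes=52428800
2018-01-09T01:00:09 host=db01 job=nightly status=failed bytes=0
2018-01-10T01:00:11 host=db01 job=nightly status=failed bytes=0
2018-01-10T01:05:40 host=mail01 job=nightly status=success bytes=0
2018-01-10T01:10:02 host=web01 job=nightly status=success bytes=7340032
2018-01-10T01:12:00 truncated line without fields
"""
CRITICAL_HOSTS = {"db01", "mail01", "web01", "erp01"}  # hypothetical inventory

def parse_line(line):
    """Return (timestamp, fields), or None if the line is not a job record."""
    parts = line.split()
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except (IndexError, ValueError):
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if "host" not in fields or "status" not in fields:
        return None
    return ts, fields

def backup_alerts(log_text, critical_hosts, now, max_age=timedelta(hours=26)):
    """Map each critical host without a recent valid backup to a reason."""
    last_good = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, f = rec
        # A job only counts if it succeeded and actually wrote data.
        if f["status"] == "success" and f.get("bytes", "0").isdigit() and int(f["bytes"]) > 0:
            last_good[f["host"]] = max(ts, last_good.get(f["host"], ts))
    alerts = {}
    for host in sorted(critical_hosts):
        if host not in last_good:
            alerts[host] = "no valid backup recorded"
        elif now - last_good[host] > max_age:
            hours = int((now - last_good[host]).total_seconds() // 3600)
            alerts[host] = f"last valid backup {hours}h ago"
    return alerts

if __name__ == "__main__":
    now = datetime(2018, 1, 10, 6, 0)  # constructed "current time"
    for host, reason in backup_alerts(SAMPLE_LOG, CRITICAL_HOSTS, now).items():
        print(f"ALERT {host}: {reason}")
```

Checking against an inventory of critical hosts, rather than only the hosts that appear in the log, is what surfaces a system that was never backed up at all.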

Attack capabilities have evolved beyond traditional detection boundaries. The major data breaches of 2017 are providing fertile ground for new waves of ransomware and phishing, as attack vectors will continue to shift across the technology stack.

If you ask yourself now – How prepared is my organisation? How much visibility do we have of a potential IT disaster? – you’re already one step closer to recovering your systems from the disruptions of tomorrow.
