When you think about disaster recovery strategy, much of the context for planning revolves around the types of disasters you want to protect against. Natural disasters, IT failures and power outages usually top the list of threats. Moving forward, however, the possibility of a cyberattack is likely to take a more dominant role, so there will need to be an emphasis on secure disaster recovery.
Disastrous as they may be, floods, failures and blackouts aren't proactively scheming to find ways to take your company down. In 2018, cybercriminal organizations began a trend of targeting certain industries, organizations and even individuals -- all in an attempt to better their chances. This includes increasing the frequency of attacks, use of automation and better social engineering to elevate the likelihood of a successful attack.
Security breaches and disaster recovery planning go hand in hand. The bad guys have shifted tactics to be laser-focused on whatever steps are necessary to make an attack profitable. They're keenly aware of what security vendors are doing to protect the organization and even what best practices are in use for incident response. In warfare terms, they know your every move.
Here are three common issues that will drive you to focus more on resilient and secure disaster recovery:
1. Ransomware. This attack vector isn't going away anytime soon. In fact, it's getting worse. Cybercriminals are stepping up their game, working to stop IT's ability to recover by either going after backups or using a ransomware attack loop. These new techniques are designed to hinder your ability to recover. And judging by the fact that 75% of the organizations paying a ransom in the fourth quarter of 2018 had compromised backups, it's working.
Additionally, if you haven't seen notorious hacker Kevin Mitnick's Ransomcloud demonstration, you should. He demonstrates how attackers can hold individual Office 365 mailboxes for ransom. It shows that ransomware is no longer limited to just files and systems; cybercriminals are looking for new ways to access data sets within your organization that they can hold captive.
2. Island hopping. This well-planned cyberattack involves gaining control over endpoints, systems, email and accounts in one company and using them to commit fraud, data theft and more in another company. In some cases, attackers create new accounts, change security settings and add email mailboxes, all as part of the plan. So, while a company might not be the target victim, the cleanup of the security breach involves returning the entire organization's data, systems and applications back to a known-good state.
3. Compliance. While compliance is not a new topic, new compliance laws are popping up all over. The California Consumer Privacy Act takes effect next year. The Ohio Data Protection Act has been in effect since November of last year. And GDPR is already in effect. Each of these laws seeks to protect consumer privacy and contains an element of protection required around both the security and integrity of consumer data. This has implications for your DR strategy around ensuring you can put security and/or the data itself back into a known-good state.
In 2019, lack of availability is no longer the standard for when DR needs to kick in; cyberattacks and compliance standards dictate the need for organizations to plan now for these additional types of disasters. To ensure a secure disaster recovery, you'll need to do a risk analysis around each of the scenarios above, determine what data sets are involved, and make certain there's an ability to recover any and all affected data, applications and systems.