Cyber Security

‘The Recovery Imperative – restarting your business in the aftermath of a destructive malware attack’

Nick Turner, Senior Director Data Protection Solutions, Dell Technologies United Kingdom & Ireland

Here at Dell Technologies we are in the privileged position of being a trusted partner to our clients, helping them to secure their data assets across the extended data protection continuum. In practice, this means we provide solutions spanning from active-active replication, through traditional backup & recovery techniques, right through to long-term retention, and everything in between!

Security has always been a vital component of a data protection strategy, and for good reasons. Keeping the bad guys out has never been more important! However, I would argue that in the last 10 years or so the relationships and inter-working between the Security and IT teams that support other data protection functions within many of our customers have not been working in an optimal way.

Security teams struggle with a wide brief: perimeter threat detection, network security, authentication and, of course, preventing aggressive destructive malware attacks. Data protection teams focus on data replication, security, backup, recovery and archiving. These teams do not always collaborate perfectly! This world we have been living in for the last 10 years is changing, and we need to help our customers create a more integrated approach to protecting their businesses and their data against today’s threats.

The security and data protection worlds are converging at a faster rate than ever because of the changing nature of the cyber threats we all face. We’ve seen the rise of destructive malware & insider-led cyber-crime; cyber-attacks such as ‘WannaCry’, ‘Petya’ and ‘NotPetya’ have caused havoc in many companies and industries due to the destructive nature of their objectives.

We can draw some stark lessons from reviewing how companies were affected. There have been many insightful articles written about how the affected companies & organizations dealt with incident response and business recovery in the direct aftermath of these attacks. These observations include:

  1. Breaches will happen. It is inevitable. In fact, the greatest threat many organizations face today is from ‘insider’-led cyber-crime. As many security experts warn, ‘It’s not a question of if you will be breached, rather than when you will be breached…’
  2. Once a destructive cyber-attack is underway, it can proliferate across global networks in minutes. IT systems & services collapse quickly & all network-connected systems are exposed.
  3. Once such an attack has occurred (assuming your organization’s defences have been breached), the focus quickly shifts to your recovery strategy. This is not like traditional IT system recovery; this is recovery 2.0. You may be working in the dark, with no access to networks, applications, recovery systems or communication tools.
  4. Recovery becomes your only imperative. If you cannot recover, the future of your organization/business is in doubt.
  5. At this point, your ability to execute a successful IT services recovery is no longer an issue for the IT department, the Security Operations Centre etc. It has become a board-level issue, and your customers and shareholders expect to see board-level ownership and communication.

So, with this in mind, does your organization have a clear, unambiguous recovery strategy that is understood from the board level down, that integrates all the business functions, and that can be executed seamlessly should the worst-case scenario happen?

I will be discussing ‘The Recovery Imperative – restarting your business in the aftermath of a destructive malware attack’ at the ISF Risk Management and Cyber Security Theatre at the Data Protection World Forum on November 21st 2018.