[BreachExchange] From Zero Day Attack to Zero Day Recovery

Destry Winant destry at riskbasedsecurity.com
Mon Aug 6 22:05:48 EDT 2018


https://www.infosecurity-magazine.com/opinions/zero-day-attack-recovery/

Zero-day ransomware attacks are on the rise, becoming more and more
sophisticated and increasingly able to bypass organizational defenses.

In order to protect and remain in control of critical systems and
data, businesses need to set up efficient recovery systems to quickly
get back up and running when all else has failed.

According to a Cyber Security Ventures report, zero-day cyber-attacks
on businesses are expected to rise from one per week to one per day by
2021. As these attacks by definition occur unexpectedly and often
unnoticed, it is more important than ever to be prepared for when
these attacks occur.

Most businesses quite understandably concentrate on building defense
systems to prevent cyber-attacks from ever happening in the first
place. However, with the increase in the frequency of ransomware
attacks, the last line of defense for an organization should also be
the fast recovery of systems and data should all the preventative
measures fail.

This is particularly true for ransomware, whereby the rapid
restoration of systems is the difference between a minor inconvenience
and complete organizational paralysis.

Millions of lines of code are being written every day and software
developers are under increasing pressure to deliver software faster.
This can lead to holes in the code, and hackers exploit these
vulnerabilities to develop cyber-attacks.

A zero-day attack is when hackers exploit a vulnerability that either
has not been fixed or is unknown to the software vendor. These are
almost impossible to detect and defeat as they use exploits that
aren’t commonly known, and since it is almost impossible to protect or
defend yourself against the unknown, attacks like these should be
considered a probability rather than a possibility.

Even the most sophisticated cyber defense systems ultimately cannot
protect you from unknown ransomware attacks. Businesses should
therefore prepare themselves for the worst by making sure critical
systems and data can quickly be recovered after a destructive
cyber-attack. We refer to this approach to IT operations as Zero Day
Recovery, as ransomware attacks require a fast response.

Zero Day Recovery
Cyber recovery is an often overlooked piece of the puzzle as, when
defenses fail, much of the damage can be mitigated through faster
recovery of the most critical applications. However, it can only be
carried out if the appropriate actions have been taken in
advance.

We’ve seen many occasions where options were limited due to a failure
to implement and test effective backup and recovery strategies. In
fact, when we first audit a company’s IT architecture, we regularly
find that around a quarter of nightly back-ups will fail. This isn’t
something an already overworked IT and security team wishes to
discover after a ransomware attack has already taken place!

During an attack, the ability of businesses to recover data rapidly
ensures that systems and data are less affected and can therefore
continue to operate as usual, without major disruption. In cases such
as ransomware where no data is successfully exfiltrated, it is not the
attack itself but the resulting downtime that causes the true damage –
be that financial, operational or even critical specialist
equipment being taken offline.

With Zero Day Recovery, data can be recovered quickly, minimizing or
even eliminating the damage that a destructive cyber-attack would have
caused the business.

Restoring data after an attack takes time – planning and regularly
testing recovery systems in preparation for an attack should therefore
be a priority for any business. Organizations often blindly back
everything up the same way without understanding which critical
systems would be required for the business to operate, leading to
major issues should all IT operations collapse at once.

Identifying the most crucial core systems and data within your
business and ensuring that those systems are backed up properly allows
you to set up an effective recovery process that meets your recovery
time objectives. This prioritization of core systems and data will
allow your business to remain operational, as it will restore systems
and data based on urgency.

Setting up and combining effective defenses with a quick recovery
system for critical systems allows you to defeat system-damaging
cyber-attacks such as ransomware before they get a chance to disrupt
your business.

With data very much being the DNA of any business, remaining in
control of your data is not just important – it is crucial for the
business to remain operational. Zero Day Recovery lets you rely on
and trust that you have the tested ability to recover your critical
systems and data quickly if there were a ransomware attack, so that
the prospect of facing a cyber-attack becomes a much less daunting
matter for businesses.

