[BreachExchange] The sum of all fears: Preparing for a data disaster when, not if, it happens

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 25 18:42:35 EST 2019


https://www.cso.com.au/article/656730/sum-all-fears-preparing-data-disaster-when-it-happens/

Just like the two Little Pigs who had their flimsy houses of straw and wood
blown down one fateful afternoon by the Big Bad Wolf, many businesses today
are still taking their chances with data disasters. Those two Little Pigs
couldn’t have anticipated an attack from the Big Bad Wolf out of the blue –
but had they decided to err on the side of caution and invest in a robust
infrastructure like their third companion who built his house out of
bricks, they might’ve avoided their sorry fate.

Data is the lifeblood of many, if not all, businesses. As data is an asset
that we work so hard for so long to protect, it’s usually paired with that
terrible thought of what we’d do in the worst-case scenario when it’s
compromised. There is one particular moment of utter destruction when the
ramifications are truly brutal: being the victim of irrecoverable data loss.

All too often, we brush this type of scenario aside – as it’s only a
fantasy and should be happening less and less, right? Many assume we have
learnt from the past to ensure our approach to resiliency and continuity is
absolutely top of mind, but this is not the case. The recent deliberate
cyber-attack on defence shipbuilder Austal in Western Australia involved no
ransom or theft of information – just a simple, senseless ploy to seek and
destroy.

The exact same scenario happened just over seven years ago to a similar but
much larger organisation that permanently lost around 4,800 websites and
all associated data. History like this is not meant to repeat itself – but
it has, which proves the urgency to implement data protection has been
ignored. So what can we learn from these unfortunate incidents?

Not if, but when

We need to be prepared for what we know can hurt us, but we need to be
prepared even more for what we don’t know can hurt us. While security makes
every effort to prevent a disaster from happening, we must always be
prepared for the ‘sum of all fears’ – the ‘when’, not ‘if’, disaster.

In both cyber-attack scenarios mentioned, neither business incorporated any
offsite disaster recovery facility. All production and backup copies of
data were simultaneously, automatically and extremely efficiently destroyed.

Modern infrastructure and storage technologies have evolved to satisfy the
ever-increasing hunger and demand for faster data and faster systems. This,
however, also means that as quickly as someone can create data, someone
else can destroy it just as fast. With systems becoming available and
online 24/7, the surface area for attack grows as well.

The impact of recovery over prevention

As we become increasingly dependent on systems and data, there are even
lives at risk, not just livelihoods. While one person may literally lose a
life’s work in an instant, lack of access to medical records due to a
cyber-attack can stop another person from undergoing critical surgery.

Cyber threats have evolved along with these new technologies and
capabilities, meaning disaster recovery now needs to be top of mind when
deploying any systems into any environment, irrespective of what they
promise in terms of availability and durability.

The only way to avoid becoming yet another victim of ever-increasing,
sophisticated forms of senseless destruction and attack is to ensure a
vigorous and focused approach to disaster recovery. First: implement
redundancy, resiliency, isolation and segregation, where feasible, to limit
the surface area of attack. Second: understand recovery readiness risk
profiles and the automation of the recovery process against all systems to
multiple possible destinations. Having a disaster response plan in place
and testing recovery regularly will ensure you are prepared to react
swiftly and confidently in the event of a cyber-attack.

There is no such thing as too much preparedness.