Les Price, Head of Availability Services at Daisy, shares the common causes of fear, uncertainty and doubt around cyber breach management and explains what can help you get through it successfully.
These fears, uncertainties and doubts occur largely around skills shortages, the sheer volume of data to analyse when monitoring vulnerabilities and risks, and the growing diversity of solutions available to help with the discovery, prevention and response to a breach.
But, as one of only two companies who provide business and IT recovery services across the UK, Daisy knows that there is also a lot of fear, uncertainty and doubt around responding to a cyber breach, when it actually happens.
We have more than 30 years’ experience in recovering organisations across every sector, from all manner of disruption: flood, fire, terrorist activity, communications and IT outages, utility failures, and of course, pandemics – you name it – and we know that of all these disruptions, it’s the cyber breach invocations that raise the stakes and the blood-pressure for our customers.
Fear – Customers worry about how much of their infrastructure and data has been compromised? Have they already or will they, lose customer data? Will they fall foul of GDPR and suffer serious consequences?
Uncertainty – will they be able to recover their data from a point before their data was compromised? Will they be able to keep their recovery system separate and isolated from all the compromised elements? Will they be able to resume normal operations quickly? Will they be able to find how far back the breach goes?
Doubt – What if their backups have been compromised or the recovery fails? What if they can’t access their data from their third-party cloud provider?
Let’s look at some examples that show there is life after a cyber breach…
Example one
When a global aerospace customer was hit by ransomware, the extent of the disruption was significant – across the UK, mainland Europe and Asia. Their first call was to Daisy to invoke their contract for data services and IT disaster recovery.
At Daisy, we were able to successfully recover their data and deliver it back to them to meet their recovery point and recovery time objectives, which meant that they were back up and running within just 48 hours.
It took the customer five months to recover back to where they were before the attack happened, but because of the recovery services Daisy provided, they were able to continue to run their business with minimal disruption during that time and no ransom was paid.
Example two
When one of our multi-national financial customers suffered a cyberattack, the head office in central Europe unplugged that division of the business from their central data centre infrastructure.
That sounds extreme, but containment from other parts of the business was the priority. As they had a contract with us for work area recovery, 60 of their staff were on site at a Daisy business continuity centre just two hours later and fully up and running soon after that.
Working from Daisy meant that our customer had a separate environment to continue to run the business from, with clean systems, network and connectivity and uninfected, recovered data. Being able to do this was invaluable as it took more than 6 weeks for the primary systems to be recovered and for our customer to be able to move safely back to their own offices.
Example three
When a UK construction firm was hit by a ransomware attack on one compromised machine, the attacker was quick to access the network, encrypt all data across the server estate and take down their domain controllers, making the majority of their environment unusable.
We were called up and were able to identify and recover data from 24 hours before the attack, so the customer had minimal data loss. Our engineers worked to recover their critical servers overnight, so they could be scanned and delivered to the customer the following morning, with non- critical servers following over the next 48 hours.
On this occasion, even though the customer’s security posture was quite advanced, theirs was the first network to be hit by a new strain of ransomware so their virus scanner wasn’t aware of the initial attack and it was only identified during routine maintenance.
Summary
Cybercrime is evolving quicker than the technology to mitigate it and nobody is immune. Nothing can remove the fear, uncertainty and doubt you feel in the event of a cyber breach. It’s a stressful time and in all likelihood that organic, adrenaline-fueled response will help you get through it, but rest-assured that there are things you can do to help mitigate the risk and the impact, not least, recovery services that you can invoke, to help.
All of our tried and tested recovery services developed over the last 30 years, through to our latest cloud backup technologies with offline, immutable data storage are relevant to help you beat a breach – and we deliver them all under our Safe Haven umbrella. We’re there for you, with any combination of our services, when you need us the most.