Prevention is no Longer the Best Medicine - Recovery is Key

In an ideal world, every company could trust each of its employees not to make any mistakes or slip up in regards to the handling of sensitive corporate data. In this utopia, each employee would also have an impregnable security solution—rendering themselves invulnerable to attack or breach.

Make no mistake, there is no company without a flaw and at some point, every organization will deal with an incident. In fact, according to Code42’s recent CTRL-Z study, 34% of organizations are expecting one that will go public in the next 12 months!

The big question here is, how do you recover quickly and successfully post-breach? Say your organization gets hit with ransomware, encrypting sensitive information. Travelling back in time or simply hitting ctrl-z is not an option here. If you don’t have a recovery solution in place, there is a near 0% chance of getting the destroyed or encrypted data back. Nonetheless, there are ways to avoid such scenario — if you know what to look for.

The discourse between business and IT
In everyday life, every mistake is an opportunity to learn, but in business—each mistake related to data protection means a direct loss of time, and therefore profit. In today’s digital world, this is becoming all the more critical, as each megabyte of information can be directly linked to the financial performance of the company.

To make positive strides towards successful data remediation and recovery, it is important to recognize some different forces at play within enterprises. There is an ongoing discourse between business decision makers (BDMs) and IT decision makers (ITDMs) when it comes to securing sensitive corporate information. Each group also has its own sphere of expertise and priorities—some of which, understandably, do not align. 

According to the CTRL-Z study, there is a very different view of where BDMs perceive investment in information security to be versus where the money actually gets spent. For example, BDMs believe that their IT teams/companies invest most in datacenter security (54%), anti-virus (53%) and backup (40%). In actuality, ITDMs reveal they spend most on security analytics platforms, endpoint backup and endpoint data loss prevention tools.

These disparate views cause differences in understanding and opinion amongst stakeholders, and so too opens up the enterprise to risks. Executives may assume something is protected as they perceive the budget to be spent in a certain way, when in actuality, it may not be. It sounds simple, but the real key here is communication and the coming together of key stakeholders to identify what, where and why infosec budgets are spent as they are. 

Breaching the blind spots
Further misunderstanding can be caused by not knowing what is happening to the flow of information within an organization. It is vital not only to know what security measures are in effect but also that staff members are following the correct procedures in regards to the handling and storage of data.

As the study shows once more, 64% of business decision makers are not sharing where they store important corporate data with their IT security teams. In addition, IT says that it cannot always track data across the enterprise. Such a lack of visibility, and information sharing, can be incredibly dangerous in the event of a breach—leading to the potential permanent loss of critical data.

Fundamental data handling and recovery procedures need to be in each employee’s mind as it relates to daily operations and future incident response needs.  

Backup and recovery—moving forward
CIOs and IT decision makers are under constant pressure to cover multiple security priorities and emerging challenges. The executive team should also have a basic understanding how critical data is handled, stored, secured, and will be recovered if need be.

With a shift to growingly fragmented working practices, the days of corporate information being safely tucked up in the datacenter are long gone. Successfully securing the enterprise today is a continuous quest of guarding against the ever-changing business and IT environments, something which requires constant attention.

Preventative security tools such as anti-virus and firewalls are still needed, but they are no longer effective as a stand-alone measurement. That is why enterprise security must be multi-layered, with resilience built into every element to ensure data protection. Focusing on prevention, detection, mitigation, and recovery is fundamental to an enterprise resiliency program.  

What’s Hot on Infosecurity Magazine?