Make or Break: What To Do When Security Solutions Fail

Now more than ever, the question of a security breach is when, rather than if. The ongoing COVID-19 pandemic has seen the rise of increasingly sophisticated security threats, and the criminals behind them have become ever more confident. Their victims have been caught off guard due to failings in security posture. This is because of remote working, widening perimeters, panic and uncertainty. Throw it all together, and you’ve got an environment in which ransomware, phishing and other social engineering attacks can thrive.

Just as breaches have become a certainty, so too have failings in security solutions — no matter how much time, energy or money you throw at them. It’s a harsh reality, like death and taxes, but that doesn’t mean you can’t still protect your data when it happens. In fact, having the ability to do so could decide how, and if, your organization recovers from a security breach.

Modern organizations are made or broken by how they secure their data in such a crisis. In the aftermath of a ransomware attack, victims either sink or swim; the key differentiator between the two outcomes typically being a strong business continuity strategy built around the concept of zero trust.

The Birth of Zero Trust

The world today needs a new way of looking at security: zero trust, a concept best explained.

When you come home at the end of the day and unlock your front door, it’s safe to assume no one is in there waiting for you. Right? But what if that weren’t the case? What if one day, an intruder caught you by surprise? Now, every time you come home and unlock that door, you’re going to be on high alert, assuming that someone could have broken into your house. How would you act differently, and what steps would you take to make sure you’re safe? Think of your network as your home, and you can see what I’m getting at. 

Assuming intruders are already present on your network, the obvious first step would be to assess the perceived risk and understand who has breached your perimeter. From here, you turn to backups, making sure all critical data remains backed up, clean and recoverable should your systems be held ransom. Finally, when you’re safe in the knowledge that you’re able to get through these security failings with backups intact, you act. Effectively doing so will be the difference between a seamless recovery process and costly, damaging downtime. 

Five Steps To Ensure You’re Ready For The Inevitable

Of course, it’s no use thinking about this after the fact — savvy organizations will have preemptively followed the below steps to ensure they’re ready to act the moment their security solutions fail:

  • Be Prepared: Before any real-world scenario, make sure you have anticipated the worst-case scenario and worked backwards from there. 
  • Start with Prevention: Using third-party solutions, make sure your organisation has everything in place to stop threats in their tracks before they can do any real damage.
  • Focus on Visibility: As with prevention, custom tools designed to detect ransomware and other attacks the moment they breach your perimeter are vital if you are to swiftly identify and remove the threat.
  • Assess, Assess, Assess: In the face of a breach as a result of your security solutions failing, be decisive in identifying and prioritising mission-critical data that must be restored.
  • Recovery Position: Once you’ve effectively removed the threat, you can restore your data and continue with business as usual! Make sure you have an immutable backup solution in place so that your data cannot be rewritten or changed by attackers. 

These steps, used in conjunction with a modern disaster recovery solution sophisticated enough to begin orchestrating recovery the moment your security solutions fail, will ensure you bounce back from whatever comes your way. But how do you find the right solution?

The Data Recovery Battle 

While ransomware attacks have matured and their ability to cause legitimate IT disasters has been proven, traditional data recovery solutions haven’t entirely kept up with the modern world. As a result, they now face the challenge of expanding their scope to include an element of cyber resilience.

For this to happen, there is a need for tighter integration between disaster recovery solutions and ransomware detection capabilities so that, when ransomware activity is detected, an immediate failover to a secondary data center or cloud is triggered. This automated ransomware response means data is safely backed up and ready to use when a security system fails.

That automatically protected data is safe thanks to immutability, a feature that is non-existent in traditional data recovery solutions. This means that all data that goes through the platform is stored in an immutable manner which prevents external or internal operations from modifying that data in any way. Immutable data cannot be infected, cannot be encrypted after the fact and is therefore immune to ransomware and other malicious activity or administrative errors. This gives you a safe, air-gapped third copy of your data that is always up to date, something that has become increasingly important for many organizations.

Most traditional data recovery solutions, usually standalone applications, aren’t equipped to handle these ransomware events and require separate infrastructure, complicated software and a specialized skill set to be of value. As a result, these systems become yet another drain on resources, energy and costs.

Comparatively, modern-day data protection platforms integrate seamlessly with your technology estate, continually improving as your technology workloads grow and expand. This removes the need for added hardware, expensive software and convoluted IT operations.

The result is disaster recovery and ransomware response that equates to less downtime, less stress on you and your team and significantly reduced loss for the organization.
