Arrow Electronics, Inc.

Resilient by Design: From Backup to Cyber Resiliency

May 27, 2024 | Brett Lee-Price

Why Conventional Backup Solutions Are No Longer Enough

Over the last decade, the perception of data has shifted dramatically. Once considered just one of many assets to secure, data is now recognised as the most critical asset requiring protection. This shift is largely due to a series of high-profile data breaches in recent years, which have underscored the importance of identifying, classifying, and securing Personally Identifiable Information (PII).

This new focus on the security of data presents myriad challenges for organisations. Firstly, they must audit the totality of their environment for such data. They must also ensure that, in the eventuality of a successful data breach, access to such data is minimised to reduce data exfiltration. Furthermore, such data must be properly copied and stored in a manner that allows it to be swiftly recovered, particularly after a successful execution of ransomware. This is not only so that a company can be compliant in light of increasingly stringent regulations, but also to prevent lengthy operational downtime, as was seen in the recent case of Change Healthcare in the United States.

However, here’s the nub: in most companies’ cybersecurity posture, there is an inherent weakness when it comes to that last part. Many are relying on traditional Backup and Recovery solutions that were never specifically devised with a cybersecurity mindset. The architecture of these legacy solutions is often ill-equipped to handle the sophisticated tactics used in successful breaches and ransomware attacks. As a result, companies struggle to recover efficiently, facing severe disruptions while they attempt to identify, contain, and eradicate the threat.

This is why, when companies examine and audit their cybersecurity posture, there must be a deliberate focus on their level of cyber resiliency. Organisations need to assess how well they can withstand, recover from, and adapt to adverse conditions, attacks, or compromises affecting their data. Rather than treating backup and recovery as an afterthought or a process disconnected from overall security efforts, these functions must be integrated into the overarching cybersecurity strategy. (According to NIST, the ability to copy or back up data and swiftly recover is crucial to Incident Response.) Existing solutions must be evaluated for their effectiveness in preventing attacks that could lead to data exfiltration or ransomware encryption.

 

The Role of Cyber Resiliency

At the heart of cyber resiliency is the critical need to secure, copy, and immutably store data. This approach ensures that, even in the event of a successful breach, an organisation’s data remains intact, unaltered, and recoverable. Here are the key elements:

Data Security

Data security involves protecting data from unauthorised access and corruption throughout its lifecycle. This includes encryption, access controls, and continuous monitoring. Data security is the first line of defence in a resilient cyber strategy, ensuring that only authorised individuals can access sensitive information.

Data Copies

Creating multiple copies of data is essential for resilience. These copies should be stored in different locations to protect against physical or cyber disasters that may affect one site. Regularly updating these copies ensures that the most recent data is always available for recovery.

Immutable Storage

Immutable storage means that once data is written, it cannot be altered or deleted. This is crucial for protecting against ransomware and other forms of cyberattacks that aim to corrupt or erase data. Immutable storage provides an unchangeable record of data, which can be relied upon in recovery scenarios.

 

Regulatory Pressures and Compliance

Increasingly, the federal government and regulatory bodies in Australia are enacting stringent regulations to ensure the protection and privacy of data. The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 significantly increased the penalties for serious or repeated privacy breaches, with fines now reaching the greater of $50 million, three times the value of any benefit obtained through the misuse of information, or 30 percent of a company's adjusted turnover during the relevant period. This new legislation underscores the importance of robust data protection and cyber resiliency strategies. Additionally, the Australian Privacy Principles (APPs), under the Privacy Act 1988, impose strict requirements on how organisations handle, store, and protect personal information, with expected reforms to the Act on the horizon. Non-compliance with these regulations can result in severe penalties, making it imperative for organisations to adopt robust data protection and cyber resiliency strategies.

 

The Shortcomings of Legacy Backup and Recovery Solutions

Legacy backup and recovery solutions are often ill-equipped to handle the modern requirements of cyber resiliency. Here’s why:

Limited Security

Traditional backup and recovery solutions face a variety of challenges, often specific to the particular solution. Many of these solutions store backups in the same environment as the primary data, making them vulnerable to the same threats. If an attacker gains access to the primary system, they can frequently compromise the backups as well. Additionally, many backup solutions were not initially designed with cybersecurity in mind, resulting in limited incorporation of sound cybersecurity principles. For instance, the lack of separation between the control and data planes can allow a threat actor to hijack the solution during a successful attack, gaining access to or encrypting the data.

Slow Recovery

Restoring data from traditional backups can be time-consuming and labour-intensive. In the event of a cyberattack, organisations need to recover quickly to minimise downtime and operational impact. Traditional solutions often lack the speed and efficiency required for rapid recovery.

Lack of Immutability

Many traditional backup solutions do not provide immutable storage, leaving backups susceptible to corruption or deletion by sophisticated attacks like ransomware.

 

The Need for Cyber-Resilient Solutions

To address these challenges, organisations need to adopt solutions specifically designed around the concept of cyber resiliency. These solutions offer advanced features that go well beyond traditional backup and recovery:

Immutable Snapshots

Cyber-resilient solutions create immutable snapshots of data, ensuring that once data is written, it cannot be altered or deleted. These snapshots provide a secure and reliable source for data recovery, even in the face of sophisticated cyber threats.

Cloud-Based, Air-Gapped Environments

Storing data in cloud-based, air-gapped environments separates the control and data planes, providing an additional layer of security. Air-gapping ensures that even if the primary environment is compromised, the backup environment remains isolated and secure.

Best-of-Breed Security Practices

Cyber-resilient solutions incorporate best-of-breed security practices, including the separation of control and data planes, encryption, multi-factor authentication, and continuous monitoring. These practices ensure that data remains protected throughout its lifecycle, from creation to storage to recovery.

Rapid-Response Recovery

In line with the NIST Incident Response Plan, cyber-resilient solutions are designed to provide rapid-response recovery. This includes automated recovery processes, real-time monitoring, and advanced analytics to quickly identify and mitigate threats. The ability to recover quickly minimises downtime and operational impact, ensuring business continuity.

 

Implementing Cyber Resiliency

Adopting a cyber-resilient approach requires a shift in mindset and strategy. Here are some steps organisations can take to implement cyber resiliency effectively:

Conduct a Risk Assessment

Understanding the specific risks and vulnerabilities facing an organisation is the first step. Conducting a comprehensive risk assessment helps identify areas of weakness and prioritise investments in cyber resiliency.

Invest in Advanced Technologies

Investing in advanced technologies that provide immutable storage, air-gapped environments, and rapid recovery capabilities is essential. These technologies should be integrated into a comprehensive cyber resiliency strategy that includes prevention, detection, response, and recovery.

Train and Educate Employees

Employees play a critical role in maintaining cyber resiliency. Regular training and education on cybersecurity best practices and incident response procedures are vital. Ensuring that employees are aware of their roles and responsibilities in maintaining cyber resiliency helps create a security-conscious culture.

Test and Update Continuously

Cyber resiliency is not a one-time effort but an ongoing process. Regularly testing and updating your cyber resiliency plan ensures that it remains effective in the face of evolving threats. This includes conducting regular drills, updating technologies, and refining response strategies based on lessons learned from past incidents.

 

Conclusion

In an era of increasing cyber threats and increasingly stringent data regulations, the need for cyber resiliency has never been more critical. Traditional backup and recovery solutions are no longer sufficient to protect against modern cyber threats. Organisations must adopt cyber-resilient solutions that provide immutable snapshots, air-gapped environments, and rapid-response recovery capabilities. By doing so, they can ensure that their data remains secure, immutable, and quickly recoverable, minimising the impact of cyberattacks and ensuring business continuity. Embracing cyber resiliency is not just a strategic advantage but an absolute necessity.