Member Article

How Cyber resilience is key to effectively protecting data

AJ Thompson is CCO at Northdoor plc

As cyber resilience continues to make an impact, companies are discovering how it differs from long-standing alternative methods of data protection.

The last year has of course seen huge upheaval and change. A lot of this change will be with us for some-time yet, some of it including remote working and hybrid teams have been see as positive and are likely to be permanent. However, amongst this positivity, cyber criminals have also been upping their efforts, and the level of sophistication of their attacks to try and take advantage of the level of flux that has surrounded us for the past year.

A Government report in 2020 showed that almost half of businesses (46 percent) had been the victims of cyber-attacks or security breaches. An Interpol assessment also undertaken in 2020 found that during a four month period (Jan- April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs were received by companies. All of these threats reported by Interpol were specifically using the pandemic as a tool to try and gain access to data and infrastructure.

This increased threat comes at a time when all companies are holding more valuable and often more sensitive data than ever before. This means that previous assumptions about the size of companies or sectors targeted by cyber criminals are no longer true and businesses of all sizes are now potential victims. Indeed, a Federation of Small Businesses (FSB) report showed that small firms in the UK suffer close to 10,000 cyber-attacks a day.

This means that all companies, no matter their size, have to look at what solutions they have in place to protect themselves from attack, and in a worst-case scenario, how they can ensure that they are able to continue to work as effectively as possible and to mitigate the damage.

What is cyber resilience?

The first thing to know about cyber resilience is that it is not cybersecurity. Cybersecurity focuses on protecting companies from cyber-attack, putting in place solutions that make it as difficult as possible for cyber-criminals to get through. This might be firewalls, anti-malware or phishing software and installing security updates and patches.

Cyber resilience on the other hand looks at helping companies if the cybersecurity element fails, or other factors (human error or natural disasters) impact a company’s ability to work effectively or protect its data.

As we have seen over the past year, some companies have worked on the basis that ‘everything is going to be alright’ or that cybersecurity is enough to keep out threats. The latter in particular has been the mind-set of companies over the past few years. Some are content to sit behind their firewall with the expectation that cybercriminals will never be able to make it over the top. The last year has shown just how adept cybercriminals are at increasing the sophistication and nature of their attacks. They tend to be at least one step ahead of cyber-defences. Therefore, sitting passively behind your firewall is no longer an effective strategy. This approach also encourages a rather blasé attitude with regards to internal systems, with some thinking if the criminal can’t get in, there’s no point putting into place internal controls.

Much has been learnt during the pandemic however. Most companies now realise that some form of protection needs to be in place if the worst happens and they are successfully hacked or data is breached. Cyber resilience helps organisations protect against cyber risks, limit the impact of any damage and helps to ensure the company can continue trading during and in the aftermath of a cyberattack.

Cyber resilience vs Disaster recovery

As much as cyber resilience is not cybersecurity, nor should it be considered a form of disaster recovery. Cyber resilience assumes that disaster recovery infrastructure is already in place. Recovery from a specific, destructive cyber-attack can be a very different proposition from recovery from another disaster like a power surge, a flood, fire or similar event.

Cyber-attacks are typically not limited to a specific location so the potential of their impact can be wide ranging and potentially disastrous, even with traditional disaster recovery solutions in place. These traditional backup and recovery approaches have proven insufficient to fend off these evolving and increasingly sophisticated threats. Backup and DR solutions were never designed to minimise production exposures and avoid the resulting negative business impacts.

One key aspects of the cyber resilience tool kit is cyber recovery. It is very different to disaster recovery as it provides an isolated, operational air gap for data vaulting. This is a crucial difference. A true logical air gap needs to be inaccessible and offline – not just in a different location, otherwise it can still be compromised by cybercriminals.

Unlike data recovery, cyber recovery identifies the key data and claims it. DR simply takes the data pushed from the website or infrastructure. It is not specifically identified as key data and come in huge volumes. DR then takes the large quantity of data collected and places it in a data centre and in some cases a secondary, backup data centre. In contrast, the cyber recovery solution takes the business-critical data collected and holds it in separate offline silos, ensuring that the data is inaccessible to criminals who might gain access to infrastructure.

The way the data is collected also means that the silo is only open for the split second it needs to grab what it has identified as business critical information. The DR solution approach means that the portal is almost constantly open, offering cybercriminals an easier route in.

Business resilience

Resilience has been the key word for all businesses over the course of the last year. By showing resilience business have been able to continue through uncertain and ever-changing times. This resilience should be taken into protecting data, which is now more valuable and sensitive than ever before.

By using cyber resilience tools alongside existing DR solutions companies can have some peace of mind that they are building more resilience into their business. Cyber resilience not only helps to keep the cybercriminal out, but also ensures, in the worst-case scenario, that the most business-critical data is safe, allowing companies to continue working in spite of the success attack, mitigating damage to infrastructure, reputation, and finances.

This was posted in Bdaily's Members' News section by Anna Boyce .