Three ‘Must Haves’ to Convert Data Disaster into a Triumph

By Richard Connolly, Regional Director for UKI at Infinidat.

  • 1 month ago Posted in

When we think about disaster recovery planning, our thoughts tend to focus on natural disasters. While flood, fire, earthquakes and other natural disasters are an IT disaster too, they are not as frequent as many think.

But another type of disaster is looming large. It’s entirely preventable. I’m talking about a cyberattack. Cyber threats are much more likely to occur than a natural disaster. Cyberattacks are now widely regarded as one of the single biggest risks that any organisation faces and almost always cited by CEOs as their #1 or #2 existential threat.

The risks of a cyber attack are evident in the UK Government’s Cyber Security Breaches Survey 2024. This study reported that half of UK businesses (50%), have experienced some form of cyber security breach or attack in the last 12 months. Among the largest businesses in the study, the frequency of cyber incidents is even higher. Seventy percent (70%) of mid-range businesses and 74% of large businesses (74%) reported an attack. And these threats are not limited to the UK, as both the European Union and the United States have put out cyber security guidelines for business to follow to try to reduce the impact of cyber crime.

40% of big business cyberattacks are malware related

Cybersecurity attacks come in many forms and include a broad range of activities. Of all the possibilities, a malware attack is known to be the most disruptive to business operations. Malware incidents account for 40% of all cyberattacks on large businesses in the UK specifically and are a significant threat because of the risks they pose to data integrity. Regarded as ‘data disasters’ by storage experts, even a small malware incident can result in a business being shut down for days or weeks. Could your business survive an incident like that?

Minimise the threat of a cyberattack

If your business becomes the subject of a cyber attack, what steps can you take to minimise disruption and ensure the fastest possible recovery? In the past, one way a business could protect its data from disaster was by having data backups stored at multiple locations. If one site was hit, there would always be another copy available. Unfortunately, things are no longer that straightforward. Data disasters, like massive ransomware attacks, have completely changed the rules of disaster recovery and business continuity. Added to this, the significance of business data as a strategic asset is much greater today than it was previously. It’s why KPMG advises that ‘data is the most significant asset many organisations possess’ and protecting it isn’t just a case of having it stored at multiple locations.

3 must haves for a data disaster triumph

There are three absolute ‘must haves’ when it comes to being prepared for a data disaster with an iron-clad recovery strategy. These are as follows:

Must have #1 The ability to take ‘immutable snapshots’ of data that cannot be altered in any way and then isolate them in a forensic environment, when an attack hits. This means the copies can safely be analysed to identify a good replica of the data to recover.

Must have #2 The ability to perform cyber detection on primary storage, i.e. the data, programmes and instructions that are being used in real-time by the business; and secondary storage – data that is accessed less frequently or retained for compliance and historical reasons. Both are critically important.

Must have #3 The ability to instantaneously recover data.

Why are the data recovery ‘must haves’ so critical?

Looking into each of these capabilities in detail, immutable snapshots are the foundation of a robust data disaster recovery. Without a good copy of your data, you cannot recover quickly after a ransomware attack, which is likely to have corrupted or encrypted your data. By segregating the data copies with logical air-gapping and then having a fenced forensic environment, you can create a safe space to review the data prior to recovery. Even if datasets have been taken “hostage,” it’s possible to complete a recovery back to the most recent known good copy of data. This can completely obliterate the impact malware attacks can have because if the data is fully recoverable, there’s potentially no need to pay the cybercriminals.

The second “must-have” ability is cyber detection on primary and secondary storage. This is important because it can be an early warning sign of a cyberattack. It also ensures that there is no ransomware or malware hidden in the last known copy of data that you could revert back to. But before going through to the recovery stage, how do you know that a data copy is really “clean?”

This is where advanced cyber detection capabilities built into a software-defined primary storage platform can make the difference. They make it possible to do highly intelligent, deep data scanning and to identify any corruption whilst the data is still segregated in a fenced forensic environment. Additionally, identifying the highest integrity copy is more straightforward and it also provides indexing to identify potential issues.

The third “must-have” ability is rapid data recovery. This is obvious, but it’s easier said than done. When a business experiences a data disaster, time is of the essence. They can’t wait for days or weeks to recover a known good data copy. Even six hours of downtime is too much. Recovery should ideally take minutes to avoid a negative impact on the business. For this reason, experts measure how quickly you can recover your data and the quality of the data. Can you bounce back from a cyberattack quickly? Would your employees and customers notice if you were hit by a malware incident?

1 in 2 UK businesses experienced a cyberattack in 2023

The Government’s research says it all. Cyberattacks are taking place all the time and the latest study shows that 1 in 2 businesses are being affected. 40% of the attacks involved ransomware. As data becomes ever more important as a business asset, we can expect that these types of data disasters will become even more commonplace.

Although, your business might not be able to completely avoid a malware or ransomware attack, you can avert a full blown disaster and avoid the disruption they cause. By protecting your business with the three disaster recovery must haves – immutable snapshots, fenced forensic environments and advanced cyber scanning and rapid recovery - you will have done everything possible to mitigate this risk.

BY Jon Howes, VP and GM of EMEA at Wasabi.
By Brian Trzupek, Senior Vice President, Product, DigiCert.
By James Blake, Global Head of Cyber Resiliency Strategy at Cohesity.
By Scott McKinnon, Chief Security Officer (CSO), UK&I at Palo Alto Networks.
By Auke Huistra, Industrial & OT Cyber Security Director, DNV Cyber.
By Richard Montbeyre, Chief Privacy Officer, BMC Software.
By Danny Kadyshevitch, Senior Product Lead, Detection and Response, Transmit Security.