C1 Thought Leadership

4 Core Components to a Successful Cyber Recovery Solution

Written by Hassan Kassih, Senior Director, Data Center | Dec 21, 2021 3:00:00 PM

Hackers have upped the ante. Throughout 2021, cyber criminals grew more sophisticated, more organized, and more aggressive, using advanced techniques and cooperation among hacker groups to drive an unprecedented number of attacks. All told, the cost may tally an estimated $6 trillion in losses this year alone, according to Cybersecurity Ventures.

“We have seen many high-profile attacks on organizations and firms across the country in 2021,” says Hassan Kassih, senior director of the National Data Center Practice at C1. It took just six ransomware groups to breach 290 organizations, claiming $45 million from the attacks. There was the hit on the Colonial Pipeline, the Steamship Authority of Massachusetts, JBS Foods, and the Washington DC Metropolitan Police Department. The shutdown of critical infrastructure can create shortages, drive up the costs of goods and services, and deliver significant financial losses.

Despite deep investments in cybersecurity tools, nearly 80% of senior IT and IT security leaders say their organizations lack sufficient protection against cyberattacks, according to an IDG Research Services survey commissioned by Insight Enterprises.

So how do government agencies and companies protect their data? They roll out a sophisticated Cyber Recovery Solution built on a data protection architecture that combines multiple layers of protection for critical data, whether it’s customer information, trade secrets, Social Security numbers, or health data.

C1’s Kassih outlined the 4 pillars of a Cyber Recovery Solution:

1. Isolation

Kassih compares the need to isolate and secure critical data in a network to the benefit of owning a vault or a safe inside your house.

You may have a front door that's locked, but anybody can break the glass and get in. But the safe is locked, bolted to the ground. It's highly secure. And you store all your valuables like your documents and your passports there. It’s the exact same concept in a cyber recovery vault solution.

The cyber recovery vault is disconnected and secured from the production network using virtual air-gap technology. The vault stores all critical data off-network to isolate it from attack, and access is restricted to users with proper clearance.

2. Immutability

In recent years, hackers have perfected the ability to get into a network, gain admin access, and ensure they have full access to all systems and devices before launching their massive attack and locking everything. Before they do this, they work hard to locate the backup solution and either delete or encrypt all backup data, so an organization cannot recover—and wind up at the mercy of the attackers.

That’s why it’s so important to have immutable data copies of all critical data with locked retention policies. Kassih said that this way, attackers will not be able to delete, encrypt, or manipulate backup data.
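The property described above, modelled as an added example (not C1's product or any vendor's API): a write-once store whose copies carry a retention deadline, so that even a stolen administrator credential can neither overwrite, delete, nor shorten the retention of a backup copy before that deadline. The store, scenario and sample names are constructed for the illustration.

```python
"""WORM backup store with locked retention, modelled in Python as an added example;
not C1's product or any vendor's API. Copies cannot be overwritten or deleted
before retain_until; in COMPLIANCE mode not even an admin can shorten that."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

class RetentionLocked(Exception):
    """The requested operation would violate the retention lock."""

@dataclass
class ImmutableBackupStore:
    mode: str = "COMPLIANCE"       # GOVERNANCE would let admins shorten retention
    copies: dict = field(default_factory=dict)   # name -> [payload, retain_until]

    def write(self, name, payload, retention: timedelta, now: datetime):
        if name in self.copies:                   # write-once: no in-place encryption
            raise RetentionLocked(f"{name}: existing copies are write-once")
        self.copies[name] = [payload, now + retention]

    def delete(self, name, now: datetime):
        retain_until = self.copies[name][1]
        if now < retain_until:
            raise RetentionLocked(f"{name}: locked until {retain_until:%Y-%m-%d}")
        del self.copies[name]

    def set_retention(self, name, retain_until: datetime, is_admin: bool):
        if retain_until < self.copies[name][1] and not (is_admin and self.mode == "GOVERNANCE"):
            raise RetentionLocked(f"{name}: retention may only be extended")
        self.copies[name][1] = retain_until

def compromised_admin_scenario() -> dict:
    """Outcome of each move a stolen admin credential might try against a 30-day lock."""
    t0 = datetime(2021, 12, 1, tzinfo=timezone.utc)
    store, name = ImmutableBackupStore(), "db-full-2021-12-01"   # constructed sample copy
    store.write(name, b"<constructed backup image>", timedelta(days=30), t0)
    attempts = {
        "overwrite_with_ciphertext": lambda: store.write(name, b"\x00" * 8, timedelta(days=1), t0),
        "delete_on_day_10": lambda: store.delete(name, t0 + timedelta(days=10)),
        "shorten_retention_as_admin": lambda: store.set_retention(name, t0 + timedelta(days=1), True),
    }
    results = {}
    for label, attempt in attempts.items():
        try:
            attempt()
            results[label] = "allowed"
        except RetentionLocked:
            results[label] = "refused"
    store.delete(name, t0 + timedelta(days=31))   # legitimate expiry, lock has lapsed
    results["delete_after_expiry"] = "allowed"
    return results
```

Every destructive attempt inside the retention window is refused; the only delete that succeeds is the one made after the locked retention period has expired.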

3. Threat Intelligence

If a thief breaks into your home, they typically attempt to get in and out as fast as they can. It’s the opposite in the case of a security breach.

Attackers are spending more time inside company walls without anyone even realizing it—on average 200 days, according to a recent report by IBM. Cyberattacks don’t happen overnight. They require planning and plenty of work. The attackers go through a back door into a system, and once they’re inside, they spend weeks getting the highest level of authorization and administrator access, which lets them do the real damage: taking full control and creating a mass ransomware attack in which every piece of data becomes encrypted.

Cyber recovery solutions include sophisticated artificial intelligence capabilities that detect unusual activity inside a network through the daily backup process. A backup copy is reviewed every day using machine learning algorithms, comparing it to previous copies and identifying any malicious activities and discrepancies in the pattern, says Kassih. This way you can always ensure that you have a clean copy that you can rely on to recover when needed.
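A simplified version of that daily review, as an added example that is not C1's tooling: today's backup copy is compared with yesterday's, and files whose content changed and now looks like ciphertext (high Shannon entropy), files that vanished, and file extensions never seen before are reported. Snapshots are modelled as dictionaries of path to bytes, the sample snapshots are constructed, and the entropy and change-ratio thresholds are assumptions chosen for the demo.

```python
"""Daily backup review (added example, not C1's tooling): compare today's
backup copy with yesterday's and flag files whose content changed and now
looks like ciphertext, files that vanished, and never-seen extensions.
Snapshots are modelled as dict path -> bytes; thresholds are assumptions."""
import hashlib
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plaintext sits around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def review_backup(previous, current, entropy_threshold=7.0, ratio_threshold=0.5):
    """Return a verdict dict comparing today's copy (current) to yesterday's."""
    encrypted_looking = sorted(
        name for name, data in current.items()
        if previous.get(name) != data and shannon_entropy(data) >= entropy_threshold)
    ext = lambda p: os.path.splitext(p)[1]
    ratio = len(encrypted_looking) / max(len(current), 1)
    return {
        "encrypted_looking": encrypted_looking,
        "missing": sorted(set(previous) - set(current)),
        "new_extensions": sorted({ext(p) for p in current} - {ext(p) for p in previous}),
        "suspect_ratio": round(ratio, 2),
        "clean": ratio < ratio_threshold,   # a flagged copy must not be trusted for recovery
    }

# --- constructed sample snapshots ---------------------------------------------
def _pseudo_ciphertext(seed: str, n: int = 1024) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted file content."""
    out, block = b"", seed.encode()
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

FILES = ["finance/q3.xlsx", "hr/roster.csv", "legal/contract.docx",
         "ops/runbook.txt", "readme.txt"]
YESTERDAY = {p: (p + ": quarterly figures, headcount, vendor list\n").encode() * 20
             for p in FILES}
# Today's copy: one file untouched, the other four replaced by renamed ciphertext.
TODAY_RANSOMED = {"readme.txt": YESTERDAY["readme.txt"]}
TODAY_RANSOMED.update({p + ".locked": _pseudo_ciphertext(p) for p in FILES[:4]})
```

Run against an unchanged snapshot the verdict is clean; run against the ransomed snapshot, four of five files are encrypted-looking, the originals are missing and a new `.locked` extension appears, so the copy is not marked clean.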

4. Rapid Recovery

If a security breach does actually occur, certain organizations must adhere to strict regulations, depending on the type of data stolen. They must report the breach to law enforcement agencies, conduct forensic analysis, and assess all damages. During that time, no one will be allowed to touch any device, and the network will be declared a crime scene.

Once the investigation is over, and after confirming that the Cyber Recovery solution is intact, then the recovery process starts. Everything must be wiped out and rebuilt, leveraging backup data. This can be a daunting and confusing process, because most IT organizations don’t handle it on a regular basis. That’s why C1 provides its clients with a cyber recovery “run book,” a comprehensive document containing all workflows and tools needed to perform rapid recovery after an incident using dynamic incident response processes and recovery procedures. The goal is to minimize business disruption and resume operations as soon as possible. “It's a manual to walk you through the whole process from start to finish,” says Kassih.

C1 assists clients at the beginning of the process by conducting a Cyber Recovery Workshop to assess their risk, determine what they need, and design and deploy the appropriate Cybersecurity and Cyber Recovery solutions. C1 can also manage the solution 24/7 and provide incident response and recovery services. “We mobilize our troops, and our cyber recovery specialists work hand-in-hand with our customers, mitigating risk and performing full recovery,” says Kassih.

Company leaders may falsely believe that if they have general disaster recovery, they’re safe. But the truth is, no organization is immune. A comprehensive, multilayered Cyber Recovery solution may be your best weapon today against a far more sophisticated—and more aggressive—breed of hackers.