Article by Splunk A/NZ area vice president Simon Eid.
Australian organisations could face massive disruptions in the wake of a computer shutdown or cyber attack because IT recovery systems aren’t up to scratch.
This is the latest message coming from Victoria’s auditor-general Andrew Greaves, after a recent audit of the state’s government agencies found that 41% of computer systems lacked disaster recovery plans.
This is just one example of the risks you face without sufficient processes to identify and recover systems. Businesses should take the findings from Victoria’s audit as a lesson to review their own IT disaster recovery plans. However, the most significant challenge for IT operations lies in getting staff to recognise, prioritise and act on disaster recovery. Here’s the smart way to handle it.
The Victorian auditor-general's report recommends a disaster recovery group be set up to provide technical support and advice in the wake of an IT disaster.
While this is a good idea, an assigned individual within an organisation needs to be accountable for building and implementing the plan when disaster strikes. Cyber attacks are becoming more frequent and more sophisticated.
At the same time, it’s taking companies longer to realise the severity of a breach. Findings from the FireEye M-Trends Report 2016 show the average number of days to detection is 146, and that 53% of attacks are detected externally, on average at 320 days.
The Yahoo hack is a good example. In 2016, Yahoo announced that more than a billion accounts had likely been affected by a hack which occurred during 2013.
In October last year, Yahoo claimed new intelligence which revealed that more than three billion accounts had been affected – that’s every single Yahoo user’s account.
As indicated by the Yahoo example, businesses get interrupted and fail if they don’t have sufficient backups. We’ve seen a number of recent ransomware attacks where virtualised backups have also been destroyed.
Look no further than NotPetya, which took down Cadbury’s chocolate factory in Hobart, Tasmania, as well as law firm DLA Piper Ltd.
The same attack cost Maersk, the world’s largest container ship and supply vessel operator, up to $300m in lost revenue because the company didn’t have backups in place.
The risk is real, but so too is the opportunity to detect ransomware in your network and mitigate risk. You need visibility into the validity of backups.
Enterprise backup solutions create detailed logs of all their activity. Monitor the file output from these tools, and leverage the information in alerts and dashboards to confirm that critical systems are being backed up.
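One way to run the check described above, as an added example that is not part of the original article. The log format, host names and the 26-hour freshness window are constructed assumptions, since each backup product has its own log layout.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical log format (real backup products differ).
SAMPLE_LOG = """\
2018-02-01T01:00:12 host=erp-db01 job=nightly status=SUCCESS verified=yes bytes=52428800
2018-02-01T01:05:40 host=file-srv02 job=nightly status=FAILED verified=no bytes=0
2018-02-02T01:00:09 host=erp-db01 job=nightly status=SUCCESS verified=yes bytes=52430112
2018-02-02T01:04:55 host=mail01 job=nightly status=SUCCESS verified=no bytes=1048576
2018-01-25T01:02:31 host=hr-app01 job=nightly status=SUCCESS verified=yes bytes=734003
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) job=\S+ "
    r"status=(?P<status>\w+) verified=(?P<verified>yes|no) bytes=(?P<bytes>\d+)$"
)

def last_good_backups(log_text):
    """Return {host: timestamp} of the newest successful, verified, non-empty backup."""
    newest = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparsed lines never count as a good backup
        good = (m["status"] == "SUCCESS" and m["verified"] == "yes"
                and int(m["bytes"]) > 0)
        if not good:
            continue
        ts = datetime.fromisoformat(m["ts"])
        if m["host"] not in newest or ts > newest[m["host"]]:
            newest[m["host"]] = ts
    return newest

def backup_alerts(log_text, critical_hosts, now, max_age=timedelta(hours=26)):
    """Return {host: reason} for every critical host lacking a fresh, valid backup."""
    newest = last_good_backups(log_text)
    alerts = {}
    for host in critical_hosts:
        if host not in newest:
            alerts[host] = "no verified successful backup in log"
        elif now - newest[host] > max_age:
            alerts[host] = f"last good backup {newest[host].isoformat()} is stale"
    return alerts

if __name__ == "__main__":
    critical = ["erp-db01", "file-srv02", "mail01", "hr-app01", "pay-db01"]
    for host, reason in backup_alerts(SAMPLE_LOG, critical, datetime(2018, 2, 2, 9, 0)).items():
        print(f"ALERT {host}: {reason}")
```

The check starts from the list of critical systems rather than from the log, so a host whose backup job silently stopped running (and therefore logs nothing) is still reported.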
Attack capabilities have evolved beyond traditional detection boundaries. The major data breaches of 2017 are providing fertile ground for new waves of ransomware and phishing, and attack vectors will continue to shift across the technology stack.
If you ask yourself now – How prepared is my organisation? How much visibility do we have of a potential IT disaster? – you’re already one step closer to recovering your systems from the disruptions of tomorrow.