A hurricane knocks out the electrical grid, and a facility switches to back-up power. A tech-entrenched facility catches fire, and the IT department switches the data center over to a different data center in another state. An earthquake fractures a corporate office campus, making it dangerous for employees to be on-site, but remote working is securely enabled by technology. They don’t miss a beat. The list of emergency scenarios and recoveries goes on and on.
In the wake of these disasters, business continuity is naturally paramount, and resilience is a necessity. In each of these cases, there is action taken to ensure disaster recovery (DR) is done smoothly. But what does “recovery” look like when the disaster is a “cyber disaster,” caused by cyberattacks, such as ransomware and malware?
Why is early detection of a cyber disaster crucial to limit the impact of cyberattacks? What types of technologies enable a recovery-first strategy? How does AI play into a DR plan? What are the stages of digital disaster assessment in an organization’s cyber operations amid such a disruptive event? How is uncompromised data the key to true recovery?
This article sets out to answer these questions and shows you why enterprise cyber storage resilience should be a critical element of an enterprise’s disaster recovery/business continuity (DRBC) strategy.
The Hunt for the Cyber Criminal
Thirty minutes before daybreak, a cybercriminal launches a ransomware attack against your enterprise. It’s a direct attack on the data of your organization, shrouded in digital darkness. Your business-critical and mission-critical data are all encrypted, captured and compromised. In what seems like a blink of an eye, a cyber disaster unfolds. The cybercriminal has taken your company’s data “hostage” and demands a ransom. Business operations grind to a halt.
In response, in this forward-looking, simulated scenario, your organization counteracts the ransomware attack, leveraging its enterprise cyber storage resilience – at the heart of where the data lives: the storage infrastructure. The full stack of enterprise cyber resilience is unleashed, including cyber detection and automated cyber protection. A known clean copy of all the datasets is identified and scanned for data integrity.
Thirty seconds later, your organization recovers the data and minimizes the impact of the cyber disaster. Yes, within a minute, the data can be recovered. AI and machine learning (ML) are now used to validate the known good copy of data. No need to pay the ransom! No waiting days for the data to be restored! No major disruption to the business or to customer transactions. The cyber disaster has been turned into a cyber triumph.
Near-instantaneous cyber recovery is instrumental in overcoming such a cyber disaster. Without this rapid cyber recovery, this kind of cyber disaster would cripple an organization, disrupt customers, cost millions of dollars, and change the image of a company overnight.
Now, let’s unpack how this happens. Indeed, it does not happen by accident or by happenstance. Underlying this kind of disaster recovery is proactive detection and response.
Unpacking the Elements of Rapid Cyber Disaster Recovery
How is an organization able to recover from a cyber disaster within one minute? It challenges traditional thinking. It defies legacy approaches to disaster recovery. It recognizes a “brave new world” in which the heart of a company is no longer a physical building but its data infrastructure. This is why cyberattacks now rise to the level of a “disaster” of a digital nature – and it’s not just up to the IT department to pay attention. Those responsible for disaster recovery have a stake as well.
Dissecting the anatomy of a cyberattack provides insights into the scope of digital disruption. It’s commonly known how cyber criminals gain unlawful access to an organization’s network through a vulnerability. They deploy ransomware code and increase their access and privileges. They compromise the data infrastructure by inserting this malicious code. They may be using shadow encryption, slow and intermittent encryption, database corruption, or “timebomb ransomware.” Ultimately, the reality is that an enterprise is already compromised before there is any visible manifestation of a cyberattack that causes the cyber disaster.
A proactive, recovery-first approach is needed. Proactive cyber detection must be done upstream. The key is to use cyber detection built into primary storage, leveraging content-based analytics to examine the full content of files and database pages. What you should be looking for is a subtle sign of ransomware activity.
An AI model that is extensively trained on the behaviors of ransomware and malware – and how they affect data content – needs to be continuously trained on new ransomware variants. If it misses something, the AI is retrained. The AI is then able to make an educated prediction about whether a data change is indicative of an attack. AI plays an important role in the recovery process.
AI is trained to look for and actually understand patterns of corruption, including encryption and mass deletion. Any incorrect predictions need to be merged back into the training data for refinement. One factor in recovering successfully from a cyber disaster with AI is testing the detection against a large set of real-world data – tens of millions of data points. You want your cyber detection in your storage infrastructure to have 99.9% accuracy. If you don’t, it could throw off your recovery.
Complementing cyber detection is the full stack of cyber storage resilience elements, including immutable snapshots, logical air gapping, and a fenced forensic environment. When you couple these elements together, along with advanced ML-driven detection and automated cyber protection for integrating with the security operations center and cybersecurity applications, you get reliable next-generation data protection capabilities that enable rapid recovery from a digital disaster.
With these DR tools for the cyber operation of a facility or a multinational company, there is a deeper awareness of whether your organization’s data – its most important asset – has integrity. No longer will cyber criminals be able to hide their tracks or circumvent your IT team’s watchful eye. No longer will the covert attack to corrupt the data be able to obliterate business continuity.
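The content-based detection and known-clean-copy selection described above can be sketched as follows. This is an added illustration, not a vendor's implementation: byte entropy stands in for the trained AI model, and the thresholds, function names and snapshot contents are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5   # bits per byte; assumed threshold (ciphertext sits near 8.0)
DELETION_LIMIT = 0.5  # assumed: over half of the baseline files gone = mass deletion

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess(snapshot: dict, baseline: dict) -> list:
    """Compare a snapshot's file contents with the last trusted snapshot."""
    findings = []
    missing = [p for p in baseline if p not in snapshot]
    if baseline and len(missing) / len(baseline) > DELETION_LIMIT:
        findings.append(f"mass deletion: {len(missing)}/{len(baseline)} files gone")
    for path, data in snapshot.items():
        old = baseline.get(path)
        if old is None or old == data:
            continue
        # Flag only content that *became* high-entropy, so files that were
        # always compressed are not reported on every snapshot.
        if shannon_entropy(old) <= ENTROPY_LIMIT < shannon_entropy(data):
            findings.append(f"encryption-like change: {path}")
    return findings

def last_clean_snapshot(snapshots: list):
    """snapshots: [(name, {path: bytes})], oldest first; the first is trusted.
    Returns (name of newest clean snapshot, {flagged name: findings})."""
    clean_name, baseline = snapshots[0]
    flagged = {}
    for name, files in snapshots[1:]:
        findings = assess(files, baseline)
        if findings:
            flagged[name] = findings  # keep comparing against the last clean copy
        else:
            clean_name, baseline = name, files
    return clean_name, flagged

# Constructed sample data: repetitive text, and a SHA-256 stream standing in for ciphertext.
PLAIN = b"order 1001, customer A, total 42.00\n" * 200
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
SNAPSHOTS = [
    ("snap-01", {"db/orders.dat": PLAIN, "docs/plan.txt": PLAIN, "docs/hr.txt": PLAIN}),
    ("snap-02", {"db/orders.dat": PLAIN + b"order 1002\n", "docs/plan.txt": PLAIN, "docs/hr.txt": PLAIN}),
    ("snap-03", {"db/orders.dat": CIPHERLIKE, "docs/plan.txt": PLAIN, "docs/hr.txt": PLAIN}),
    ("snap-04", {"db/orders.dat": CIPHERLIKE, "docs/plan.txt": CIPHERLIKE, "docs/hr.txt": PLAIN}),
]
```

Because each snapshot is compared with the last clean copy rather than with its immediate predecessor, encryption that spreads one file at a time across snapshots is still flagged at every step.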
Actionable Intelligence in Cyber Disaster Recovery Planning
Recovery from a disaster is very much about getting relevant and accurate intelligence upon which you can confidently make decisions and act. You may use different models and frameworks for decision-making in the heat of a disaster, but at the end of the day it comes down to an organization’s preparedness and response capabilities.
With increased enterprise cyber storage resilience from next-generation data protection – and a DRBC plan that is built with the data infrastructure in mind – your organization obtains actionable intelligence that supports recovery.
Just like when a natural disaster happens and you assess the origin, patterns, and fallout, you need to have digital tools that provide insights into the origin of the cyber disaster, look into the audit trails for compliance purposes, and reconstruct the attack accurately and quickly. As part of preparedness, you need to test your plan and your capabilities before a cyber disaster happens. And it should not only be the IT team. There need to be policies, processes and coordination built around cyber from a multi-disciplinary standpoint.
Because a cyberattack affects virtually every part of an organization, the disaster response team should have leaders from all major functions. Granted, the CIO or CISO can lead the charge in a cyber disaster, but you also need personnel involved from physical security, operations, human resources, customer support, manufacturing, procurement, finance, legal, and communications.
Central to the recovery effort is the enterprise cyber storage resilience platform, the backbone that enables an enterprise to bounce back from a cyberattack. A ransomware or malware attack hits, and your enterprise switches over to a known clean copy of data. The negative impact is eliminated. It’s business as usual. The recovery plan works. You don’t miss a beat.






