Managing enterprise IT environments requires a collective effort. Most enterprise organisations deploy on-premise, cloud, hybrid infrastructure and SAS services, with services and solutions delivered by internal and third-party multi-disciplined teams.
With delivery spread across multiple teams, it may be easy to assume that the task of ensuring cyber resilience is someone else’s responsibility. But recently enacted regulations in Europe, including the Digital Operational Resilience Act (DORA), take a focussed position on the matter.
According to DORA, which will become mandatory for all financial sector businesses in Europe in January 2025, businesses are solely responsible for their entire IT environment—including on-premise and cloud environments. Similar regulations, such as the EU Cyber Resilience Act, are clarifying all organisations’ responsibilities when cybersecurity events, including data theft and data loss, occur.
These clarifying efforts are taking place at a time when the frequency of cyberattacks is surging across Europe. In late 2023, the European Digital SME Alliance noted that cyberattacks had surged by 57 percent in recent months.
This wave of cyber threats has pushed organisations to consider the best approach to protecting business operations. By taking accountability now and investing in effective cyber recovery and resilience, organisations will have an early advantage adjusting to new compliance requirements while enjoying greater protection for their critical data now.
How regulatory accountability is raising the standard for EU cybersecurity
In Europe and around the world, new and planned data regulations are serving as a rising tide to lift all boats. Better standards for cybersecurity and data integrity are driving better protection for businesses and their customers.
GDPR was the first significant introduction of regulation in this area, followed by the EU’s NIS2 Directive DORA. A number of similar efforts to enhance cybersecurity across Europe have followed to increase standardisation, certification, and accountability for cybersecurity. Businesses are held accountable—and although fronting the cost may seem heavy, those organisations will directly benefit from their investments by reducing their exposure to cybercrime as well as noncompliance penalties.
The projects to implement cyber recovery solutions are also driving businesses to identify their critical data and applications, leading to more efficiency in governing data management within an organisation.
As the rate of professional cyber attacks increase annually, it’s no longer a question of ‘if’ you’ll be breached. It’s a matter of ‘when.’ Given that this is the new reality, there has been a significant increase in the number of organisations conducting reorganisation exercises to stand up teams to manage all aspects of protecting and recovering from cyber breaches.
Addressing this challenge requires effort across all streams of people, process and technology.
Faced with these inevitable security risks, businesses must be prepared to take significant actions, Accountability for cyber resilience is only the first step. Business survival depends on your ability to recover safely, and with full data integrity in a short timeframe while using forensics to understand the nature and extent of breach in parallel to the recovery effort.
The challenges of ensuring data recovery and resilience
The rise in cyber threats and regulation is only part of the challenge. While businesses are under pressure to strengthen their own cyber resilience, they often lack the technology and resources required to effectively overcome some of the urgent challenges currently facing enterprise organisations around the world:
Cyber attacks are increasingly sophisticated
Cyber crime is using more sophisticated technology and complex strategies to engineer successful attacks on organisations of any size. While phishing attacks are still the most successful way to breach an organisation where they are targeted and personal, recent trends in the evolution of these attacks include the rise of politically motivated ‘hacktivism’ attacks, as well as the use of artificial intelligence to execute successful, severe attacks.
The evolution of these cyber threats is straining conventional cybersecurity and disaster recovery systems. Even when organisations have end-to-end security and disaster recovery solutions in place, safety is far from guaranteed—and the potential damage of a breach is even higher.
Existing disaster recovery systems aren’t designed for a post-attack response
Traditional disaster recovery aims to facilitate recovery from events that are often unintentional, unpredictable, and impossible to prevent. In general, though, these are not caused by malicious acts.
DR systems prioritise speed of recovery and restoring data availability to minimise downtime, but they aren’t designed to ensure zero data loss—particularly when it comes to personally identifiable information, intellectual property, and other types of data typically targeted by deliberate cyber attacks.
With DR events, organisations know exactly what the cause of the issue is. In most cases, the issue is confined and doesn’t result in enterprise wide data corruption.
This leaves organisations exposed to data loss if attackers steal or encrypt data during a ransomware or similar cyber attack. Disaster recovery may help you get your business systems back online, but it won’t allow you to do so with full data integrity. Many organisations that have moved to dual site active-active configurations for DR event mitigation will now find they have no resilience against a cyber breach as both sites will be affected simultaneously.
A lack of resilience leads to increased business disruption and cost
Because traditional DR systems aren’t equipped to deal with post-attack scenarios, the businesses reliant on recovery from cyber attacks face an increased risk of data loss, as well as extended disruptions to business operations and revenue-generating activities.
Data encryption and cyber attack related data loss presents a far more complex challenge to disaster recovery events. Even when organisations are able to restore their critical systems and data, the process of doing so is often inefficient and disorganised, compounding the material cost of the attack.
Organisations may struggle with identifying critical data and determining the best methods to recover those assets. A lack of immutable data can create disorder around data recovery and call into question the integrity of that data—which means that the fallout of a cyber attack can persist long after the security breach and subsequent recovery.
Businesses can try to blame their disaster recovery systems for letting them down, but those systems weren’t designed for that purpose. Cyber resilience can only be achieved when businesses invest in a Cyber recovery strategy.
Critical requirements for post-attack recovery
Evolving regulatory requirements are forcing organisations in Europe to increase their investment into cybersecurity. But meeting the bare minimum standard is hardly enough to safeguard business data and operations in the event of an attack.
Effective last-line data protection requires the following:
- An immutable copy of critical data providing a centralised, reliable, and up-to-date record enabling recovery with full data integrity
- Physical isolation of data invisible to the network, away from attack surfaces to make your critical data invisible to unauthorised entities
- Auditable proof of compliance to meet all applicable regulatory requirements
- Access to a clean room where data and applications can be evaluated in a safe space prior to restoration
- Forensics on vaulted data to provide early warning of potential corruption starting on production data. These forensics also help in identifying the source of corruption and identifying files necessary for recovery
- Ongoing patching, reporting, and regular recovery testing to ensure recovery performance and regulatory compliance
- Separation of duties to ensure the team managing the cyber recovery solution is not the team managing production
Managing enterprise cyber recovery environments is complex and requires a team with a significant number of years experience managing enterprise infrastructure backup and recovery solutions combined with infrastructure security. Cyber recovery is a process that needs to be exercised on a regular basis. Data needs to be forensically checked on a daily basis to reduce the dwell time exposure for organisations.
Take accountability for your cyber resilience now. Talk to Triangle today to learn more about our cyber recovery service.
