Recovering from a Cyberattack in 15 minutes

A cyber attack is an episode of unauthorized computer use to either steal information or disrupt systems, networks, or the operation of the computer itself. Because cyber attacks can be carried out from anywhere with access to the Internet and a computer, they are far more difficult to detect and prevent than traditional physical attacks. Once successful, a cyber attack can lead to financial loss, downtime, data loss and even physical damage. Victims of a cyber attack may also have their personal information stolen and could face identity theft if their passwords are compromised.

To prevent an attack, it’s important to harden your network by limiting access to only the people you want to have access, updating security software regularly, and conducting regular backups. If you are already a victim of a cyber attack, it’s important to stay calm and think through a plan on how you are going to recover. At the very least, you should know who your information is being shared with so that you can take steps to protect your identity.

To get a deeper understanding of this phenomenon, we caught up with Hayden Sadler, Country Manager at Infinidat, to discuss how businesses can put systems in place to withstand, recover from and avoid disruption to their primary mission and operations due to cyber incidents.

1. How would you define cyber-resilience? What makes an organisation a cyber-resilient organisation?

Cyber resilience is a cybersecurity strategy that helps organisations defend themselves against, detect, respond to, and recover from cyberattacks. This strategy doesn’t only help organisations protect themselves from cyberattacks, but also recover from such attacks in the fastest possible timeframe. It also enables them to continue their core business functions in the face of an attack. For instance, if company data was hacked / breached, an organisation with a comprehensive, implemented cyber resilience strategy can successfully recover their data in as little time as possible.

2. How can businesses transform themselves, so they become cyber-resilient organisations?

With the cyber threat landscape constantly evolving in sophistication and cyberattacks becoming more frequent, organisations find themselves spending huge amounts of money trying to resolve this. As such, organisations need to look at implementing a cyber-resilience strategy. This can help ensure that their security measures are not only limited to their networks and servers but also include primary and secondary storage. It is these platforms that hold what is, in many cases, the lifeblood of the business – their data.

As part of an overall cyber security strategy, companies should implement a robust cyber-resilient enterprise storage solution.  From a cyber resilience storage perspective, there are 4 key components:

1. Immutable Snapshots – these assist in preventing datasets from being modified or removed before the stated expiration date. Immutable snapshots cannot be changed by any administrator or rogue user. It also enables hidden snapshots as backup images, which further protects snapshots from ransomware or malware attacks.
2. Logical Local and Remote Air-gapping – this is the capability of logically separating data from its source. Unlike physical air gaps, such as tape or optical media, which may be removed from a device and stored off-site or in a vault, this allows an organisation to create a logical local and remote air gap by creating a secure area within the same system that is unreachable or by creating a secure area in another storage system.

• Fenced/Isolated Forensic Environment – this assists organisations to be able to deliver their isolated, immutable copies to a “sterile” network environment, complete with vetted secure computing resources, tools, and apps. It can further assist with examining, validating, and testing the copies, or do whatever else is necessary to ensure that they are valid.

1. Near Instantaneous Recovery –if an organisation suffers a malware or ransomware attack, it is essential for organisations to understand how fast they can recover a known good copy of their datasets.

Organisations need to remember that business continuity enables them to continue their core business functions in the face of a disaster or cyberattack. Often, businesses have disaster recovery plans that revolve around natural disasters. Yet, a complete disaster recovery plan will include a strategy to remain cyber-resilient during cyberattack not just to recover in the event of a natural disaster, as well as any other occurrence that puts critical systems at risk. A comprehensive digital transformation strategy that addresses cyber-resiliency requires integration of cybersecurity throughout the enterprise lifecycle – to protect the business, detect changing risk surfaces and evolve the capability to address changing threat levels.

3. How important is it to educate employees about cybersecurity?

Amongst other things, training and educating your employees about cybersecurity can prevent breaches. It is essential to protect a company’s data as it contains private and sensitive information. Each employee needs to know his or her role in protecting the business from cyber threats. Through training and awareness, you can prevent cybersecurity threats.

4. How can organisations recover from a cyberattack in less than 15 minutes?

Please have a look at the demo that highlights  a live recovery with Infinidat’s modern data protection solution – InfiniGuard® – and how it was done in about 12 minutes. It is impressive.  Infinidat also recently announced the InfiniSafe® Cyber Storage guarantee that will deliver recovery of immutable snapshots on Infinidat’s InfiniBox® and InfiniBox SSA platforms in one minute or less.

It’s interesting as IDC stated that Infinidat’s InfiniSafe technology, integrated across our InfiniBox and InfiniGuard offering, contains important foundational cyber-resilience elements, including immutable snapshots, logical local and remote air-gapping, a fenced/isolated network for forensic analysis and capabilities for near instantaneous recovery. This was stated by one of the global leading analysts (Phil Goodwin, Research Vice-President at IDC).

Overall, it improves the ability of an enterprise to combat and protect against ever-increasing cyberattacks and data breaches by uniquely combining immutable snapshots, logical local and remote air gapping, fenced/isolated networks, and virtually instantaneous data recovery into a single, high-performance platform. It has been included in all of our solutions. Cyber-resilience is among the most important and highly demanded requirements of enterprises today to ensure exceptional cybersecurity and combat cyberattacks across the entire storage estate and data infrastructure.

5. What do you think about cybersecurity in the public sector? Does the SA government stand a chance in fighting cyberattacks?

As much as cybersecurity is essential for any business, it is equally important in the public sector. The government will benefit just as much as corporate South Africa from a cyber-resilient approach.

6. Can you tell us about Infinidat’s Cyber-Resilience and InfiniSafe?

InfiniSafe technology delivers critical additional cyber resilience. It helps organisations protect their data, including backup data, simply and easily. It also makes it easy to test and validate data securely and allows businesses to recover their entire backup repository to their servers in minutes, regardless of how big they are. InfiniSafe technology is incorporated in both Infinidat’s InfiniBox® solutions (primary) and InfiniGuard (secondary) storage. InfiniGuard can recover an organisation’s backup data in as little as 12 minutes.

7. What advice do you have for businesses?

The salient points that organisations need to consider are:

• They need to invest in a comprehensive cyber resilience strategy.
• Partner with an enterprise storage provider that offers storage that is integrated with a virtually instant data recovery strategy.

It’s more critical than ever for organisations to know how to create a cyber-resilient environment for primary and secondary storage, as cyberattacks have become increasingly sophisticated, pervasive, and aggressive, targeting both. Companies should be investing in storage solutions that have cyber-resilient capabilities such as InfiniBox solutions (primary) and Infinidat’s InfiniGuard (secondary) storage for backup. Both these solutions include the comprehensive cyber-resilience capabilities of InfiniSafe® technology, which were launched earlier this year.

Zintle Nkohla