Rick Orloff, CSO, Code42
Rick Orloff, CSO, Code42

When it comes to cyber-security, companies can be sorted into two categories — those that have suffered a data breach, and those that have been breached and just do not know it yet. Whilst this may be a slight exaggeration, it is uncomfortably close to the truth. Modern organisations are faced with an ever-expanding threat landscape, in terms of both volume and scale. It is increasingly likely that company networks are harbouring undetected malicious software that is either lying dormant for a future attack, or exposing infrastructure vulnerabilities and syphoning off important data.

In fact, research from Verizon suggests that 66 percent of data breaches go undetected for a period of months or even years. For any IT professional or business decision maker, this should make for uncomfortable reading — especially in the UK with the General Data Protection Regulation (GDPR) on the horizon for 2018. Upon its implementation, companies will be required to report a breach to the supervisory authority within 48 hours, or risk a fine of up to either €20 million or five percent of company turnover.

Embrace the unknown familiar

Simply avoiding fines is not the only incentive for identifying a breach as soon as possible. We are fast approaching a situation where companies must accept they will be the victim of cyber-crime at some stage. Therefore, our focus must not only include prevention and detection strategies, but it must include mitigation and recovery techniques. After all, the sooner IT can identify suspicious activity on the corporate network, the sooner they can take steps to mitigate any potential damage.

A swift response is key to retaining and rebuilding customer trust post-breach. The findings of the Verizon 2016 Data Breach Investigations Report indicate that the total number of compromised records is a major factor in the total cost of a data breach, because more widespread breaches result in a greater loss of customer trust. So, implementing data loss prevention measures effectively reduces the total financial impact whilst minimising any potential damage to customer relationships.

Preserving productivity post-breach

Rapid post-breach recovery is also extremely important from a productivity standpoint. If your company is hit with a ransomware attack, for instance, a climate of confusion ensues. Employees are unable to access the data they rely on to do their jobs, and there is often a sense of panic as interdepartmental communication breaks down. The longer this situation continues, the larger the financial impact becomes in terms of lost working hours, delayed transactions, and customer impact.

So how can businesses ensure that they are able to recover from a breach as quickly as possible? First and foremost, they must make certain that all company data, regardless of whether it resides on an internal network or remotely on endpoint devices, is quickly and “easily” recoverable — without having to pay to get data back. After all, the sooner employees regain access to their data, the sooner business-as-usual can resume.

The best way to achieve this is to have a comprehensive strategy in place for endpoint security and recovery. For maximum effectiveness, include a solution that updates backed up files as regularly as possible. Whilst it might not initially seem like much in the context of all the data in your organisation, losing even a few hours' worth of updates to files will incur a significant cost in terms of wasted time recreating them and even then, the new versions will be out of synch with the versions already emailed to customers and third-parties. So it pays to ensure that your recovery solution updates files on a scale of minutes, as opposed to hours, days, or often, weeks.

Keeping things simple

The process for restoring files in the event of a breach must be as straightforward and scalable for the entire organisation— ideally, employees should be able to do this by themselves. The true operational benefit of backup and real-time recovery is the ability to access backup files quickly and easily when required. In all aspects of operational data recovery, speed is of the essence.

Alongside solutions, preparedness is the most important aspect of recovery. Make sure departments and employees have a clear understanding of their role in getting things back up and running. Finally, remember that a breach, whilst expensive and unfortunate, can serve as a learning experience. There is more of an expectation in 2017 that CXO's have a practical and effective plan to respond to a breach.

Contributed by Rick Orloff, CSO, Code42