World Backup Day, celebrated annually on31 March, is a reminder of the importance of taking effective measures that can make all the difference when a data loss incident strikes.
It is also a good time to pause and reflect on the rising tide of threats that organisations, notably those operating in critical industries, face in cyberspace, writes Carey van Vlaanderen, CEO of ESET Southern Africa.

It is a safe bet to say that Hippocrates didn’t expect the wisdom of the oath named after him to extend nicely to cybersecurity one day. And yet, thousands of years later, many security practitioners will probably swear by one of the dicta contained in modern versions of the physicians’ pledge, namely that “prevention is preferable to cure”.

Nevertheless, as threats are constantly evolving and become more pervasive, incident response and recovery are increasingly jostling for the attention of organisations’ cyber-defenders. Indeed, the threat landscape gives a sense that security ills are sometimes well-nigh unavoidable. Given our reliance on technology, having a plan for how to respond when the chips are down has never been more important.

In information security, best practices in preparations for a possible emergency include implementing a robust plan for data backup and recovery. World Backup Day, celebrated since 2011, helps raise awareness of the fact that a data loss event can cost people and organizations dearly. The causes of such incidents clearly run the gamut and include a hardware or system failure, a human error, a malicious insider, and a cyberattack.

To be sure, there is also the possibility of a physical disaster. However, compared to, say, fire or flood, cyber-incidents – especially of a malicious bent – pose a range of specific challenges for both detection and recovery. To begin with, it may not even be immediately obvious that something is amiss. Also, the actual extent of the damage or the timing of the intrusion may not be immediately apparent. The risk of a contagion spreading to other systems is yet another of a number of challenges that cybersecurity incidents bring.

Whatever the cause of the incident, an organisation needs to restore the lifeblood of its operations – its mission-critical data – in order to begin a recovery. The journey to restoring the organisation’s vital functions begins with a pre-purchased ticket, which in this case is a robust backup of its data.

Indeed, reconstituting lost or corrupted data, especially business-critical data, can be a matter of survival for any business. In critical infrastructure, the stakes are particularly high. For services that are essential for the functioning of entire societies, even short-term disruptions can have particularly dire ramifications.

Critical data, critical infrastructure

The financial services sector, which is part of the critical infrastructure, is facing a plethora of specific and palpable cyber-risks. In a world where criminals usually follow the money, cyberattacks against financial institutions come thick and fast and in many forms and sizes. Adversaries are well resourced, organized, persistent – and often successful. To blur the threat picture further, insiders and third-party service providers with privileged access represent a threat in their own right, whether acting out of malice or negligence.

Attacks on banks may not necessarily involve “only” cyber-heists, however. There is another – and no less insidious – threat that involves attempts to harm the integrity or availability of data. These onslaughts are aimed at data corruption or at shutting out access to data altogether.
Many organisations in critical industries admit to facing attacks that are aimed at file deletion or manipulation. In the financial services sector, one worry is that this could involve large-scale data manipulation or sabotage of critical customer and business account data.

In addition, networking giant Cisco recently sounded the alarm on an emerging type of attack that seeks to wreck backups and safety nets needed by organisations in order to restore their systems and data after an incursion.

Throwing a lifeline

Now, suppose that an information storage disaster hits a bank’s data center and things go so spectacularly awry that not even standard backup plans and recovery procedures are able to restore normal service promptly. Such an attack would normally involve data concerning account records; if these data are inaccessible, clients could effectively become locked out of their money.

While this nightmare scenario may strike a chord only with survivalists, preparations for any imaginable adverse turn of events are at the heart of standard business continuity and disaster recovery (BC/DR) plans, whether they involve physical, virtual or cloud-based environments.

Securing some of the most valuable information in the digital age obviously requires a multi-layered approach. To bolster their data resilience and recovery capabilities in the face of increasing threats, it turns out that banks and other financial firms in the United States are adding another layer of data protection in addition to their standard backup and recovery playbooks.