What is cyber resilience?
The effectiveness of ransomware attacks have caused organizations to move from a threat prevention strategy to a cyber resilience strategy. This is because companies now need the ability to respond to a security breach, mitigate damage and enable data recovery to restore normal operations when protecting their data. The shift has caused more companies to look at backup and recovery as part of the security stack. This holistic approach to attacks acknowledges that even with best-in-class defensive tools, you won’t have 100% prevention. A cyber resilient strategy also allows organizations to mitigate an attack while also protecting their data integrity and enabling successful recovery to normal business operations.
It makes perfect sense that being able to recover data after a cyber attack is crucial, but the alignment between security and DR teams needs work. In the 2022 Veeam Ransomware Trends Report, we found that the closer professionals got to having their hands on the keyboard, the more issues were seen with the alignment between these two camps. The upcoming release of Veeam Data Platform v12 will see significant improvements that can help organizations bridge the gap between cyber security and disaster recovery (DR).
The difference between cyber resilience and cyber security
Cybersecurity has traditionally been about blocking threats before they can do harm to the organization. The as-a-service model for attacks and the effectiveness of threats like ransomware have caused a shift to move from siloed solutions to integrated security stacks where tools share information with each other to create a complete picture of modern cyber threats. Cyber resilience is the next logical step that brings recovery into the response process. The alignment makes sense because security teams need to focus on reducing threats to the organization, and DR teams focus on maintaining service and recovering from outages. Cyber resilience as a practice is simply bringing these goals together as a cohesive ecosystem.
What are the components of cyber resilience?
Cyber resilience is a strategy that must be adopted enterprise wide. Since we are merging multiple processes, it’s imperative that you have all your security and DR processes documented to build a complete workflow to ensure business continuity. An effective cyber resilience plan should include the following elements:
- Risk assessment: A thorough assessment of potential risks and vulnerabilities, including those related to cyber attacks, natural disasters, and other disruptions. You can’t stop a meteor, but you should know whether your industry is being targeted by specific threats and threat actors. To understand the risks to your environment, you first need to know what your critical resources are and where they’re located. This includes where your backup repositories live and how they’re protected. Version 12 of Veeam ONE improves visibility into your security posture so you’ll know exactly which workloads are immutable so you can take corrective action.
- Prevention and mitigation measures: Knowing why you want to protect a system ensures it will have the correct level of protection and the proper placement in your priority list. Measures to prevent or mitigate the impact of disruptions, like implementing strong security controls, regular patching, and training employees on how to identify and report potential threats. Veeam Data Platform V12 will add multiple security features ranging from multi-factor authentication (MFA) to supporting direct-to-object immutable storage which adds a layer of protection from external threats or human error.
- Response and recovery procedures: Detailed procedures for responding to and recovering from disruptions, including incident response plans, data backup, data and restoration and communication with stakeholders, is critical and often ignored. Veeam Recovery Orchestrator has given companies the ability to automatically create and update their DR plans for years. As part of V12 we’ll extend those capabilities to make planning and testing a regular part of your resilience strategy.
- Regular testing and review: Regular testing of your DR plan and its components is important, as is periodic review and updates to ensure it remains effective over time. Unfortunately, most organizations only test their DR plans once per year. As organizations take a more resilient stance, DR teams should be brought into the overall security testing process and tabletop exercises. In V12, we’ll give you even more automated testing and reporting to prove you can meet your recovery time objectives (RTOs). It’s an important call out, since according to the 2022 Ransomware Trends Report only 16% of organizations have an automated testing process in place.
Moving forward together into 2023
Veeam has always been focused on recovery. We may not have said it outright, but everything we do is to help organizations improve their data availability and protect against data loss. We do this by providing innovative tools that simplify data security and don’t add to the complexities you already have. For example, we integrate with your existing malware detection tools and give your incident responders access to live data in a separate network for their investigations.
Our comprehensive monitoring and analytics give you control over your data with real-time visibility into your backup environment. This can provide assurances your backup jobs are running as expected, and alert you if there’s an issue that could indicate an attack.
Most importantly, we’re here to help our customers recover their data. At Veeam, we know every network is different and that resilience requires flexibility to create a solution that fits your needs. Whether it’s having the performance needed to meet a critical RTO, the need for multiple levels of data protection or the confidence that you can get your data back when you need it, we’re here to make you more resilient.
