RKL eSolutions Blog Trends and Insights

Discussion: How Disaster Recovery Plans Protect you from Cyber Threats

 

We sat down with our business partner Joe Cudzik from Expedient to discuss cyber security and how small and midsized businesses can protect themselves from malicious attacks.

1. Can you provide an overview of Expedient? Expedient is a service provider for cloud and data center infrastructure. Our solutions enable clients to focus on strategic business innovation while Expedient handles the underlying technology.

2. What types of services does Expedient provide?  Expedient provides cloud infrastructure, managed services including disaster recovery as a service, and colocation solutions including hosting options for mission-critical ERP systems.  We also offer a number of security-focused products.

3. Expedient is heavily involved in many areas of IT. What topics do you see the industry focusing on?  One of the biggest issues our customers face is understanding cyber security and how to recover from a security event.  Cyber security comes up in just about every conversation, yet we still see a lot of companies (of all sizes) making some pretty fundamental mistakes.

4. As to “fundamental mistakes,” what are the top 3 or 4 mistakes you see?  I would say the top mistakes are:

  1. Not understanding business risk tolerance;
  2. Not recognizing there is a problem to begin with;
  3. Assuming existing security measures are “good enough”; and
  4. Overconfidence.

5. What do you mean by not understanding the business risk?   Well, every company has to weigh its acceptable vs. unacceptable risk.

We all recognize the need to have a cyber presence and acknowledge that this presence introduces some level of risk.  However, that risk is only acceptable if an organization has PROPER security measures in place.  By not having proper security measures built for your specific business need, your business risk may be greater than you should be willing to accept.

And if you are not paying attention to cyber security at all, how could you know if you are taking an acceptable business risk in the first place?  I would challenge any business leader not paying attention to cyber security to recognize, by definition, they have no idea how much risk they are putting their business in.

6. Back to your point #2 above, what do you mean when you say many companies don’t even realize there is a problem to begin with?  Many companies will say something to the effect of “we don’t have anything on our servers worth attacking so we are safe.”

That is absolutely the wrong way to look at IT security.  They look at the problem as a “what’s in it for me” conversation when they really should look at it from a “what’s in it for the hacker” viewpoint.

In some (but not all) cases, hackers are still looking for sensitive information; it just might not be your or your customers’ information they are after.

Often hackers will use a compromised server to attack another server.  This means that Company A’s servers would be used to attack Company B’s network.

In this instance, resources that should be used to serve Company A’s users or customers are being consumed for the attack on Company B.  Additionally, Company A could become part of the legal investigation that could tie up financial and server resources, not to mention the negative PR associated with a breach of Company A’s environment.

But as I said above, not all attacks are about obtaining information anymore.  The biggest rise in cyber attacks we see is related to ransomware like CryptoLocker and WannaCry.  Ransomware is a type of attack where the victim is extorted into giving the attacker money to gain access back into the victim’s servers.

This type of attack is very common and very disruptive.  Organizations in the headlines have been affected by ransomware attacks resulting in weeklong outage events, ultimately ending up paying a ransom because they had ineffective disaster recovery capabilities.  After regaining access, they end up rebuilding all their servers because attempting to repair them is no guarantee of complete removal.  Had they originally focused on proper design – which would have included establishing clear recovery time (RTO) and recovery point objectives (RPO) for key servers and associated applications -- it would have saved them a considerable amount of time and money.

Saying you don’t have anything to attack is like burying your head in the sand to ignore the approaching tidal wave.

7. You said that the 3rd mistake companies often make is that they think their existing security measures are good enough. What do you mean by that?  Many organizations rely on one system to serve all security needs. In today’s world, simply having a firewall, for example, is just not enough. In the IT security world, we talk about defense in depth.  That means you can’t depend on one system; we have to protect the whole IT ecosystem from many points in and around the environment.

8. So firewalling along with antivirus for example?  Exactly, but this would also include antivirus on servers/desktops and at the firewall level, intrusion detection, logging tools, data encryption, two-factor authentication, VPN tunnels… it’s a matter of creating a holistic approach.

Cyber security threats are evolving at a stunning pace; to keep up, we have to continue to evolve our cyber security posture.

9. Lastly, you mentioned overconfidence is one of the most common mistakes you see. What do you mean? This one is almost counter-intuitive.  All cyber security planning should be built around one premise: at some point cyber security defenses are going to fail.

We have to build our cyber security systems assuming we are going to miss something or that attackers are going to get new technologies.  We need a “get out of jail free card” in the form of a disaster recovery plan that provides the capability of rolling back our IT infrastructure and application data to the point in time immediately before the problem started. A DR plan isn’t a specific part of the security plan; it’s mission critical for the overall health of the IT environment.

I previously mentioned organizations that were recently impacted by a ransomware attack (see Part 1, editor’s note).  In that case the missing element was a get out of jail free card that would have saved them significant effort in their recovery effort.  Had this capability been in place before the event occurred, they wouldn’t have wasted weeks and they wouldn’t have had to pay a ransom to get back into their systems.


How do I learn more?  Contact RKL eSolutions to learn more about how cyber security options and DRaaS solutions can help ensure business continuity and IT resiliency for your organization.


Written by RKL Team

Since 2001, RKL eSolutions has helped growing companies maximize their technology resources and investment. Over the years, we have helped hundreds of small and medium sized businesses as their strategic business partner. We specialize in the needs of Entertainment, Software & SaaS, Professional Services, Manufacturing, and Non Profit organizations. Our experienced consultants have a passion for making every facet of your business successful and are intent on building a long-term relationship with every client.