The Colonial Pipeline ransomware attack provides a reminder for those working in critical infrastructure to develop proactive ransomware response plans that prioritize the recovery of mission-critical systems.
Today's leading cyber threat is, unarguably, ransomware. The recent DarkSide ransomware attack on Colonial Pipeline underscored why organizations shouldn't pay ransoms for stolen data and why they need a solid business continuity and disaster recovery (BCDR) plan. Despite complying with DarkSide's ransom demands, Colonial found that recovering from backups was quicker than using the gang's decryption key to bring systems back online. This attack is a reminder for those working in critical infrastructure (and all public-facing organizations) to develop proactive ransomware response plans that prioritize the recovery of mission-critical systems.
A comprehensive, well-tested disaster recovery plan is a great way for agencies to protect their assets from an attack that could cause extended downtime, financial losses and reputation damage. Here are five considerations IT professionals should keep top-of-mind when developing a BCDR plan.
- Backups. Developing a backup strategy is a great place for agencies to start building or rebuilding a BCDR plan. The 3-2-1 model is a standard data protection technique: store three total copies of agency data, two that are local but on separate devices, and at least one copy stored offsite. There is still risk with this strategy, however, as more sophisticated ransomware attacks now target backup files. The most straightforward way to expand on the 3-2-1 model is 3-2-1-1: for extra security for backup files, agencies should store an air-gapped copy of the data offline where ransomware can't reach.
- Disaster recovery as a service. Self-managed DRaaS will increase in value as organizations realize the cloud's faster operational speeds, lower costs, scalability and improved administration. As a result, agencies will be able to self-service their recovery point objectives and have hands-on management around recovery times.
- AI and automation. Not only can artificial intelligence be integrated into an agency’s cybersecurity strategy, but it can adjust to new data to make its predictions of future attacks more effective. Equally, some recovery processes can be automated, and automating regular updates and patching can prevent problems.
- Cybersecurity and protection. Maintaining different cybersecurity and data protection services isn't as effective at mitigating disaster as uniting those two solutions. The more systems agencies try to support, the more vulnerable their data and networks become. A multi-pronged solution will help agencies optimize protection, cybersecurity and disaster recovery capabilities with minimal management.
- Updating old plans. Finally, agencies should take the lessons they learned from 2020 and apply them when they update their BCDR plans. To start, a review of policies will help agencies determine which ones are outdated and which ones should stay. IT departments must focus on solutions that provide remote access across systems and devices with cloud-based security. And last, agency disaster recovery plans should outline how their health and safety protocols address illnesses, contact tracing, sick leave and backup staff for critical processes. These updates should be included in agency crisis communications plans.
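An added example, not part of the original article: a short Python audit of a backup inventory against the 3-2-1-1 rule described in the Backups item above, reporting which part of the rule each dataset fails. The inventory rows, field names and dataset names are constructed, and it assumes the air-gapped copy may also be one of the offsite copies, which the article does not specify.

```python
from collections import defaultdict

# Constructed sample inventory (not from the article): one row per stored copy.
# location is "local" or "offsite"; air_gapped means offline and unreachable
# from the network, so ransomware on the network cannot encrypt it.
INVENTORY = [
    {"dataset": "permit-records", "device": "prod-san", "location": "local", "air_gapped": False},
    {"dataset": "permit-records", "device": "backup-nas", "location": "local", "air_gapped": False},
    {"dataset": "permit-records", "device": "cloud-bucket", "location": "offsite", "air_gapped": False},
    {"dataset": "permit-records", "device": "tape-vault", "location": "offsite", "air_gapped": True},
    # Edge case: both local copies sit on the same device, and nothing is offline.
    {"dataset": "payroll-db", "device": "prod-san", "location": "local", "air_gapped": False},
    {"dataset": "payroll-db", "device": "prod-san", "location": "local", "air_gapped": False},
    {"dataset": "payroll-db", "device": "cloud-bucket", "location": "offsite", "air_gapped": False},
]


def audit_3211(inventory):
    """Return {dataset: [unmet rules]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for dataset, copies in by_dataset.items():
        # Distinct devices, so two copies on one array count once.
        local_devices = {c["device"] for c in copies if c["location"] == "local"}
        gaps = []
        if len(copies) < 3:
            gaps.append("fewer than 3 total copies")
        if len(local_devices) < 2:
            gaps.append("local copies not on 2 separate devices")
        if not any(c["location"] == "offsite" for c in copies):
            gaps.append("no offsite copy")
        if not any(c["air_gapped"] for c in copies):
            gaps.append("no air-gapped offline copy")
        report[dataset] = gaps
    return report


if __name__ == "__main__":
    for dataset, gaps in audit_3211(INVENTORY).items():
        print(dataset, "OK" if not gaps else "FAIL: " + "; ".join(gaps))
```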
Sourcing cybersecurity solutions for a robust and resilient BCDR plan isn't a one-size-fits-all approach. However, the key considerations that will position agencies for a successful recovery when disaster strikes – whether natural or man-made – should include a scalable plan, use of the cloud for faster recovery times and assured data security.