“The constancy of the internal environment is the condition for free and independent life.”
The above quote, attributed to the revolutionary biologist Claude Bernard, is one of the most profound made in the natural sciences. Bernard was one of the first researchers to argue that internal functions are specifically geared towards keeping an organism as independent as possible from the outside world. It was a revelation that would lead to the discovery of fight-or-flight responses.
This notion isn’t just present in living organisms. You can see it in companies as well: the propensity to protect itself and maintain its autonomy is key to every organisation’s survival. Even if an organisation merges with another company, the goal is to create an even more powerful and independent entity.
Protecting ourselves is a natural inclination and often what we focus on most. Companies do the same when it comes to cybersecurity. The NIST Cybersecurity Framework lays out five areas that should be focused on: Identify what to protect, decide how to Protect those, Detect anomalies that may be threats, Respond to those threats, and finally Recover from whatever damage occurs.
But we also make a natural mistake. We are more inclined to look at the left side of that equation, specifically the protection of digital assets. Planting fortifications and waiting for an attack is the natural tendency. We choose to fight.
This is very necessary, but it does not protect us from the after-effects of a breach. Most security is still built around stopping aggressors. Yet at times it is like keeping a fly out of a factory.
For example, in the past five years Saudi Arabia has experienced three significant attack periods from the Shamoon virus. Closely associated with industrial espionage in the energy sector, Shamoon is a mere 900 kilobytes in size – less than half the size of a photo taken on a smartphone. Yet it was potent enough to take down government ministries, private companies and the energy giant Saudi Aramco for days.
The attacks need not be big. Last year the UK’s Lincolnshire County Council was infected by ransomware. Even though security staff responded quickly and shut down the network, the malware had already done considerable damage and was blackmailing the council for over $1 million. Don’t think these breaches are limited in their danger: the infamous Sony Pictures breach forced that company to use fax for communications and pay its employees with paper cheques.
What do you do once the bad guys have gotten in? This is where recovery becomes key. There are three pillars to a recovery strategy: first, create backups; second, maintain copies in an air-gapped or off-network area; and third, validate that you can recover using these backups.
Off-network backups are essential. The startup CodeSpaces was dead within 24 hours after attackers breached its systems and deleted all its backups. If intruders can breach your network, it should be assumed they can access all of it. The only remedy is to put data backups where they cannot be found.
DellEMC developed its Isolated Recovery Solutions specifically to address this. Data, including business information and technical configurations, is stored on an isolated system that is only periodically connected to your main network. During this period, data is backed up over a highly secured and scrutinised connection, which is then severed again from the main IT infrastructure. This is the ‘air gap’: a physical separation between the Isolated Recovery Solution and the areas targeted by attackers. If something is compromised, the secured backups can quickly be brought in and bring operations back to life.
The tendency to raise fortifications and keep the bad guys out is perfectly natural and entirely sensible. But don’t neglect the risk that something does go wrong. By using DellEMC Isolated Recovery Solutions, you can focus on the frontline and know that, if the worst happens, you can get everything back to its best, maintaining your company’s autonomy and strength.