Cyber Recovery: how it works and how to apply it

The steady increase in digitization and the related shift to the cloud, driven by diverse development opportunities, increased flexibility and business agility, has also indirectly caused an increase in cyber attacks on the public and private sectors worldwide. With a cyber attack estimated to occur about every 39 seconds, one would conclude that it is no longer a matter of "if" but rather "when" a company will have to face one. It is therefore essential to identify the critical data and applications that, in the event of an attack, enable normal business operations to be resumed quickly.

NIST framework: how to measure cybersecurity for companies

The NIST Framework, through the use of a common language and effective best practices, indicates the roadmap to follow for understanding and managing cybersecurity in the company, identifying and prioritizing different corrective activities that can minimize risks related to vulnerabilities or critical issues.

The Framework consists of 5 steps: identification, protection, detection, response, and recovery. Together they constitute the complete vision for risk management in cybersecurity.

Identification: understanding the business context and crucial data is critical in order to focus budgets and resources in a consistent way.

Protection: highlights the most appropriate protections to ensure continuity of service, limiting or containing the impact of a possible cyber attack.

Detection: enables the development of the key activities needed to identify different events in IT in a timely manner.

Response: includes the activities to undertake in the event of a cyber attack, enabling the company to limit its impact.

Recovery: enables timely recovery of compromised assets or services to reduce the damage caused by a cybersecurity incident.

How to implement a Cyber Recovery strategy in the company?

When we talk about a vault, we are not talking about an entire additional data center, but an on-premise or, even better, public cloud environment.

The vault works through 4 basic steps:

1) Data identified in the first phase as critical are synchronized across the air gap, which is unlocked by the management server, and replicated to the target storage. The air gap is then closed again once the operation is completed.

2) Through a copy of the data it is possible to choose the configuration that best reflects business needs. The majority choose to keep copies of the data for about a month.

3) Data in the vault are frozen, as additional protection from accidental or intentional deletion.

4) The last step, which is not mandatory for the proper functioning of the vault, analyzes the data to see whether what is being transferred is intact or already corrupted.
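The four steps above can be modelled in a few lines. The following is an added example, not code from the article or from any vault product: the Vault class, the entropy threshold used for the analysis step, and the expiry of the lock after the retention period are all assumptions made for illustration.

```python
import math
from collections import Counter
from contextlib import contextmanager
from datetime import timedelta

RETENTION_DAYS = 30  # "about a month" in the text; set per business needs

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted content approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class Vault:
    def __init__(self):
        self.gap_open = False
        self.copies = {}  # copy date -> {"files": {...}, "locked_until": date}

    @contextmanager
    def air_gap(self):
        """Step 1: the gap is open only while a sync is running."""
        self.gap_open = True
        try:
            yield self
        finally:
            self.gap_open = False  # closed again, even if the sync fails

    def sync(self, day, files):
        if not self.gap_open:
            raise PermissionError("air gap is closed")
        # Steps 2 and 3: keep a dated copy, locked for the retention period
        # (lock expiry after RETENTION_DAYS is an assumption of this model).
        self.copies[day] = {"files": dict(files),
                            "locked_until": day + timedelta(days=RETENTION_DAYS)}

    def delete(self, day, today):
        if today < self.copies[day]["locked_until"]:
            raise PermissionError("copy is still locked")
        del self.copies[day]

    def analyze(self, day, max_entropy=7.5):
        """Step 4: names of files whose content looks encrypted (assumed threshold)."""
        files = self.copies[day]["files"]
        return sorted(name for name, data in files.items() if entropy(data) > max_entropy)

# Constructed sample data: one readable file, and the same file replaced by
# bytes that mimic encrypted output (uniform byte distribution).
CLEAN = {"orders.csv": b"id,customer,total\n1,acme,100\n" * 20}
TAMPERED = {**CLEAN, "orders.csv": bytes(range(256)) * 4}
```

Syncing CLEAN and TAMPERED on consecutive days inside "with vault.air_gap():" and then calling analyze() on each day flags only the second copy, while the first remains available as a known-good restore point until its lock expires.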

In a landscape where cyber attacks are commonplace, every company has to work out the ideal solution for its cyber resilience so that operations can resume quickly. We can therefore conclude that the stability and continuity of any business rely primarily on its ability to isolate its critical data, ensuring its availability and quick recovery after a cyber attack.

Stefano Papaleo


CTO - PM & Solution Architect - Team Leader
