The cyber-attack you would prefer NOT to star in
Segundo Ramos
Regional Marketing Manager | Marketing Director | Product Manager | Alliances | Field, Partner & Events Marketing | Digital Marketing | Top Voice | AI | Servers | Storage | Cybersecurity | Ex-Dell, EMC, Fujitsu
You have probably read stories in the press about companies that have fallen victim to large-scale cyber-attacks. But have you ever thought about the day when these articles are talking about you?
The following story is based on actual events. A story in which your company could unfortunately play the starring role. At a time when the threat level has never been so high, organisations are becoming aware of the risk to their business and deploying powerful detection capabilities.
But there is one unchanging rule in the world of security that can never be stated often enough: zero risk does not exist. Detection is indispensable, but detection alone is not enough. You need to be ready for anything, including recovering from the mass paralysis of your production environment.
DEFCON 4:
You are the IT director of a major retail company. The organisation has been attacked. The attack is the perfect example of a slow, methodical intrusion. Sensitive data has been corrupted by ransomware. In just a few minutes, over 5,000 machines are affected. Your 17 factories and 10,000 employees are at a standstill. Losses are estimated at $15 million a day. The attackers are claiming a ransom of $300 per machine, amounting to $1.5 million.
- If you choose to pay the ransom -> continue to DEFCON 3.
- If you choose not to pay the ransom -> skip to DEFCON 2.
DEFCON 3:
You pay the ransom, hoping this will allow you to return to work quickly and thinking that the ransom amount will at least be less than the potential cost of a global reset of your computers or, worse, the loss of the data concerned. Unfortunately, the attackers did not include any decryption mechanism in their malware. You have lost your money, your data is still inaccessible, and your business is still at a standstill.
- Continue to DEFCON 2.
DEFCON 2:
Your production system is out of action. You turn towards your backup infrastructure. But behind the apparent financial motivation, the attackers also have an ideological goal and want to destroy your organisation.
Exploiting an unpatched vulnerability, they had access to your network for 6 to 18 months before triggering the attack. The operation was facilitated by insiders, and login credentials were compromised. The attackers have logged into your backup infrastructure, deleted the backup images and quite simply destroyed the associated storage.
- If you have invested your whole budget in detection tools without planning an effective disaster recovery procedure -> continue to DEFCON 1.
- If you have deployed a Dell EMC Cyber Recovery solution -> skip to DEFCON 5.
DEFCON 1:
The damage is immense: all the data on several thousand servers and computers has gone up in smoke. Your one remaining chance is to use your tape backups, which are intact as they are isolated from the rest of the network, but it will take four to five weeks to restore the data. The impact on revenue is considerable and the damage to your brand image is irreversible. Your story ends here.
- Watch this video on how to survive a destructive cyber-attack -> start again …
DEFCON 5:
Dell EMC Cyber Recovery technology creates an environment that is invisible to hackers: the Cyber Recovery Vault. Based on an air-gap architecture, this space is physically isolated from the production network and also from the backup and disaster recovery platforms. The link used to synchronise backups into the vault is active only for the duration of that operation and is then completely shut off. The vault holds all your images and binary files, and your IT security manager is the only person able to access it, which limits the risk of insider attacks.
Once the attack has been detected and the IT system purged, you can restore your machines from the copies stored in the shelter of the CR Vault. Unlike a tape backup, the platform enables rapid recovery thanks to the performance of the Data Domain infrastructure and automated restore processes. Five days after the destructive attack, your company is back in operation. The blow was heavy, but your company is still standing.
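To make the two properties above concrete, here is a toy model of an isolated recovery vault written for this post; it is an added illustration, not Dell EMC code or any product's API. It assumes a replication link that is opened only for a sync and closed immediately afterwards, and a single designated security manager who is the only principal allowed to manage the vault's contents; the DEFCON 2 scenario (an attacker holding compromised backup-admin credentials trying to delete the images) is then replayed against it.

```python
"""Toy model of an air-gapped recovery vault (hypothetical, for illustration only)."""
from dataclasses import dataclass, field
from enum import Enum


class Link(Enum):
    CLOSED = "closed"
    OPEN = "open"


class VaultError(PermissionError):
    """Raised when an operation violates the vault's access rules."""


@dataclass
class CyberVault:
    security_manager: str                     # only principal allowed to manage contents
    link: Link = Link.CLOSED                   # replication link is closed by default
    images: dict = field(default_factory=dict) # backup image name -> snapshot bytes
    audit: list = field(default_factory=list)  # simple trail of accepted operations

    def sync(self, production_images: dict) -> int:
        """Open the link, copy images in, then close it again; returns images copied."""
        self.link = Link.OPEN
        try:
            self.images.update(production_images)
            self.audit.append(("sync", len(production_images)))
            return len(production_images)
        finally:
            self.link = Link.CLOSED   # never left open after the operation

    def delete(self, actor: str, name: str, via_network: bool = True) -> None:
        """Refuse network access while the link is closed, and refuse anyone
        but the security manager regardless of how they reached the vault."""
        if via_network and self.link is Link.CLOSED:
            raise VaultError(f"{actor}: vault unreachable, replication link closed")
        if actor != self.security_manager:
            raise VaultError(f"{actor}: not the designated security manager")
        del self.images[name]
        self.audit.append(("delete", actor, name))


def simulate_attack() -> tuple:
    """Replay DEFCON 2: compromised backup-admin credentials try to wipe the vault.
    Returns (surviving image count, whether any deletion succeeded)."""
    vault = CyberVault(security_manager="ciso")
    vault.sync({"erp-db": b"day1", "file-srv": b"day1"})   # constructed sample images
    deleted = False
    for name in list(vault.images):
        try:
            vault.delete("backup-admin", name)             # arrives over the network
            deleted = True
        except VaultError:
            pass                                           # refused: link closed
    return len(vault.images), deleted
```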
Like this article? Let's keep in touch ... feel free to comment on my latest posts on LinkedIn and follow me on Twitter!
Sr IT Legal Counsel
5 years ago: Great article!!
Segundo Ramos (author)
5 years ago: Richard Bowen, Tiago Carrisosa, Alfredo Franco, Pascal GELAC, Dmitry Kokorev, Sandra Larionoff, Bernardo Oliveira Lima, Paolo Lossa, Fernando Martinez, Christophe Y. Monnin, Roberto Montesano, Vladimir Prozhogin, Iikka Salmi, Michael Sarkisov, Elizabeth Phalen, Ray Lipsky, Małgorzata Szolc, Luc Esprit, Rodger Burkley, Mark Sanders, Peter Imming, Rüya Barrett, Peggy Ringhausen, Rahul Sharma, Susanna Gresswell
Finance Officer | NFRS | Digital Content Creator
5 years ago: Probably we need data protection advice for our best privacy security. You are great to me Mr. Ramos.
Senior Principal Customer Success Manager @ Autodesk
5 years ago: Segundo, you should check out a recent segment that aired on the CBS program 60 Minutes on Ransomware in the USA. Very much related to some of your points in this article.