Security

CDW Tech Talk: Using Data Protection and Recovery to Build Business Continuity

Recent ransomware attacks have many organizations re-examining their cyber defenses, but business operations need just as much protection as infrastructure.

Joe Kuehne

Joe Kuehne is an Associate Editorial Director at BizTech magazine.

Due to the many data breaches dominating headlines in recent months, cybersecurity has become a top concern for IT leaders. Many have scrambled to protect the sensitive and valuable data their organizations are collecting, storing and using to remain competitive.

However, a robust defense system isn’t the only necessary means of preparation. Many IT experts say that it’s not a matter of if cyberattacks will strike, but when, and organizations face greater risk if they haven’t planned to minimize downtime when an attack happens. Resilience can prevent an eventual attack from being catastrophic.

Joe Vidal, master technologist at Hewlett Packard Enterprise, joined CDW’s Tech Talk webcast to explain why recovery is such a key component in building business continuity for any organization.

The Pandemic Made Many Organizations More Vulnerable

Vidal noted that the increase in remote work has had an impact on security, broadening the attack surfaces that must be defended. “It not only changed the attack vectors but it also changed our overall corporate strategy,” he said. “We're also offering more attack vectors by sending our folks home, where we have home office security, or the lack thereof.”

Vidal discussed implementing multifactor authentication, saying that organizations who still aren’t using it are susceptible to simple phishing attacks or the insertion of firmware through household electronics, such as an employee’s thermostat or unmanaged Blu-ray player. “You never managed that thing, you never set an admin password, or maybe it didn't even have the option to set an admin password. So, somebody could drive by, see that thing beaconing, go in there, update the firmware with fake firmware, inject a key logger and — bada-bing, bada-boom — they're in.”

Vidal said that all these new threats have convinced HPE to add another focus to their security strategy to ensure they have a zero-trust solution throughout the entire application stack. “The bottom line is there's more data out there, there's more attack surfaces, and it's much easier, with our employees at their home offices, for us to be attacked. So, it's really important to extend those VLANs, to extend a secure SD-WAN environment if you haven't already done so, and to implement multifactor authentication to ensure that you’re not going to be so at risk.”

Register below for an upcoming CDW Tech Talk, held Tuesdays at 1 p.m., to hear from IT experts live.

Disaster Recovery and Business Continuity Are Not the Same Thing

Vidal pointed out the differences between a disaster recovery (DR) strategy and business continuity. “First and foremost, disaster recovery is designed to allow you to respond after a disaster occurs. The question is how quickly you’re going to respond,” he said.

He explained that both a recovery point objective (RPO) — the point in time from which data can be restored — and a recovery time objective (RTO) — the amount of time it will take to recover the data — factor into a disaster recovery plan. “In the business continuity plan, if done correctly, it has a DR strategy and an RPO of zero, meaning that it takes me zero time to respond. My systems are disaster resilient,” Vidal said.

Vidal said the best business continuity strategy is to never have to worry about recovering any data, because you have a local copy as well as a remote copy. “If your business continuity and disaster recovery plans are designed properly, we can then ensure that you have multiple copies — and you have copies that are not visible to those bad actors.

WATCH: Learn how to secure your supply chain against attacks.

Security Needs to Take a Zero-Trust Approach

Vidal stated that, since the beginning of the pandemic, the average amount of time it takes to recognize the presence of bad actors has grown from 145 days on average to 240 days, and the number of cyberattacks has gone up by more than 75 percent.

“There are hundreds of thousands of people. This is a multibillion-dollar industry going after our data, going after our customers and going after our personal information or our corporate secrets, to share those. So, we have to look at locking down that trusted supply chain with a zero-trust security layer, all the way up to the workload layer,” Vidal said.

The state of cybersecurity is what Vidal said drove HPE to create Project Aurora, “which has now given us an opportunity to create a set of solutions that start with a secure supply chain, which locks down via Silicon Root of Trust across all of our servers, storage and networking products. That allows us to start with a zero-trust layer and then build each other layer subsequently on top of the one before that. It flows through the infrastructure, through the hypervisor, the platform and the workload. We have a secure layer of zero trust, and zero-trust plug-in modules at each layer of the solution, so that we can guarantee that your solution can't be hacked.”

Addressing the Many Challenges of Data Protection

Ruben Chacon, vice president of technology and CISO at CDW, also joined the conversation to highlight several common challenges many organizations face in keeping their data safe.

First is the evolving threat landscape. “There are malicious actors always looking for ways to achieve their objectives,” he said. “Their tactics and techniques and procedures are always evolving, taking advantage of any vulnerability they can find on people, processes or technologies. So, vulnerabilities in any of these spaces can lead to a security breach.”

The second challenge is that organizations are always changing. “Change is complex, especially if we consider the fact that organizations are part of an ecosystem. Organizations are not standing alone, without any connection. We're connected to the internet — to many other entities, such as partners, vendors, customers, which increases the complexity when it comes to protecting our data.”

Another challenge is that data is everywhere. “It’s in the databases of our systems, it’s on email, on the cloud, on user computers, and many other repositories,” Chacon said. “The challenge is that there is not a bulletproof technology or process or program to ensure complete protection. It doesn’t matter how much you invest in the cybersecurity space; the reality is that something will happen in the future.”

Chacon said he thinks researchers should invest more in cybersecurity programs that take an adaptable approach to preventing, containing and remediating attacks. “We should invest more on detecting faster so we enable a better response and recovery. In other words, we prove our resiliency.”

Some Industries Are More Vulnerable Than Others

When discussing the susceptibility of specific industries, Vidal singled out healthcare as being particularly vulnerable. “There was a hospital system that was attacked recently, and unfortunately, the bad actors were in there for quite some time. They used the SamSam variant to get in there, inject a key logger, which got credentials for multiple app SysAdmins that had root credentials. Once they did that, they started accessing system after system, and they downloaded as much data as they could.”

While the attackers were in the system, Vidal said, they didn’t just download a bunch of data or encrypt the primary data. “Unfortunately, they added the backups, and then they deleted the backups. This is really critical to a deep, good DR and business continuity strategy, because by deleting the backups, there was nothing to fail back to. By editing multiple versions of the backups, even if they had done snapshots, they didn’t necessarily know what snapshots or how far back to go.”

Vidal pointed out the potential medical consequences of such an attack, offering the example of a patient awaiting surgery. “If the anesthesiologist no longer has access to the patient records to know what allergies they have, they can’t perform any anesthesiology, meaning that that surgery has to be put on hold, and that life may be now at risk.”

Contrasted with the business consequences for other industries, Vidal said, the risk to human life is greater. “Obviously when there’s oil on the line, or there’s manufacturing on the line, whether that’s manufacturing silicon or cars or anything else, the business is always at risk,” he said. For hospitals and healthcare systems, “when there’s lives on the line, real time makes a difference. Those are the most at risk.”

Follow BizTech’s full coverage of the CDW Tech Talk series here. Insiders can register for the event series here.

Getty Images/ metamorworks