It seems like every week there is a new story of a major company or organization being affected by a cyber-attack. It might be a ransomware attack, stolen user data, or other disruption to services, and may be initiated either by an external attack or internal malicious actors. Whatever the attack vector and motivation, we are clearly living in a world where there is an increasing risk to the services we rely on in our daily lives.
According to the IBM Cost of a Data Breach Report 2022, 83% of organizations studied in the report have experienced more than one data breach. The average cost of a data breach was $4.35 million, up 12.7% from the data in the 2020 report. For critical infrastructure organizations in financial services, industrial, technology, etc., the cost is even greater at an average of $4.82 million. In addition to the immediate monetary costs, the impact on brand image, potential lawsuits, and loss of customer data can be very significant.
While attacks are becoming more prevalent and costly, insurers are pulling back on coverage of such events. A new report by Delinea showed that only 30% of organizations said their policy covers critical risks such as ransomware, ransom negotiation, and decision on ransom payment. 47% of respondents stated they were required to have malware protection, antivirus software, multi-factor authentication, and backup data in place to qualify for cyber insurance.
Most industries are now moving toward a Zero Trust framework with technologies such as Multi-Factor Authentication, Endpoint Monitoring, and Full-Disk Encryption becoming prevalent. This will help reduce the risk of a successful cyber-attack, but what happens when your defenses are breached?
The IBM Z Cyber Vault solution takes a holistic approach to help you identify and rapidly recover from a cyber-attack if one affects your business. Regularly creating tamper-proof backups that are stored in a secured, isolated environment provides the ability to recover your business in the event of a data breach. The IBM Z Cyber Vault solution delivers protection via 5 key use cases.
Data Validation
The first step in protection is to ensure that backups taken are not corrupted. On a regular cadence, a copy is taken of your production environment and then this copy is validated in an isolated environment. Type 1 validation ensures that one or more systems can be started successfully. Type 2 validation ensures all running software can be successfully started, and tools or utilities are run to validate that the structure of the data has not been compromised. Type 3 validation checks the specific application data content. If issues are found at any stage, this is an indication that your production system has been affected. If a copy passes validation, it is an indication that all prior copies are good.
Forensic Analysis
Once you have identified an issue, a copy can be snapped off for immediate analysis. Any of your secured backups can be started in an isolated environment and used to investigate the problem and determine the recovery action. If, for example, the corruption event was at 2 pm you can restore the last known good backup before that time to compare to the current environment.
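The selection logic described under Data Validation and Forensic Analysis can be sketched in a few lines. This is an added example, not IBM Z Cyber Vault code: the `VaultCopy` record, the function names and the sample catalog are all hypothetical and constructed for illustration. It applies the rule that a passing copy vouches for all prior copies, and it refuses to trust unvalidated copies newer than the last pass.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class VaultCopy:  # hypothetical record of one backup copy
    taken: datetime
    validated: bool = False            # was the copy started and checked in isolation?
    failed_type: Optional[int] = None  # 1, 2 or 3: the validation type that failed

def classify(copies):
    """Label each copy good / implied-good / bad / unknown."""
    passes = [c.taken for c in copies if c.validated and c.failed_type is None]
    last_pass = max(passes) if passes else None
    status = {}
    for c in copies:
        if c.validated:
            status[c.taken] = "bad" if c.failed_type else "good"
        elif last_pass is not None and c.taken < last_pass:
            # The article's rule: a passing copy vouches for all prior copies.
            status[c.taken] = "implied-good"
        else:
            status[c.taken] = "unknown"  # newer than any pass: not trusted yet
    return status

def last_known_good(copies, event_time):
    """Newest trusted copy taken before the corruption event, or None."""
    ok = [t for t, s in classify(copies).items()
          if s in ("good", "implied-good") and t < event_time]
    return max(ok) if ok else None

def corruption_window(copies):
    """(newest trusted copy before first failure, first failing copy), or None."""
    bad = [t for t, s in classify(copies).items() if s == "bad"]
    if not bad:
        return None
    return last_known_good(copies, min(bad)), min(bad)

def at(hour):  # constructed sample timestamps on a single day
    return datetime(2024, 1, 1, hour)

SAMPLE = [  # constructed catalog, not real vault data
    VaultCopy(at(8), validated=True),
    VaultCopy(at(10)),
    VaultCopy(at(12), validated=True),
    VaultCopy(at(13)),
    VaultCopy(at(15), validated=True, failed_type=2),
]

if __name__ == "__main__":
    print(last_known_good(SAMPLE, at(14)))  # corruption event at 2 pm
    print(corruption_window(SAMPLE))
```

With the event at 2 pm, the 1 pm copy is skipped because nothing has validated it, so the 12 pm copy is the comparison baseline and the corruption entered production somewhere between 12 pm and 3 pm.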
Surgical Recovery
Once the specific recovery action plan is decided, any required data can be extracted from the secured backup copy and restored back into production. Any row, file, or data set can be recovered in a surgical recovery to ensure that you are only recovering what has been affected and leaving the rest of the production system intact.
Catastrophic Recovery
In rare cases, you may have lost your entire production system. In this case, fixing the production environment with a surgical recovery will not be possible. In this scenario, it’s important to be able to recover your entire environment from your last known good backup.
Offline Backup
In addition to the backups kept on disk, it’s also important to support the ability to archive these copies out to offline media, typically a tape environment.
An IBM Z Cyber Vault solution can support all 5 of these use cases for maximum resiliency. We are seeing a tremendous amount of interest in this exciting new technology and believe that eventually most of our clients will deploy this type of solution. If you would like to learn more about IBM Z Cyber Vault you can download the Red Book, or contact me or one of the other IBM experts.
Nathan is the Program Director of Product Management for IBM GDPS and IBM Z Cyber Vault. Having spent the past 25 years in Development, Test and Product management at IBM, Nathan has a passion for helping clients build highly resilient systems with the latest technology. In his current role he is driving IBM resiliency strategy as part of the GDPS team to ensure IBM's clients have the capability they need to deliver 24x7 service to their users.