Paul J. Dattoli, MS, CBCP, AMBCI, Program Director, IT Disaster Recovery, Lahey Health
Your Cybersecurity and IT Disaster Recovery (DR) programs must be closely aligned. Consider the following two questions that get to the heart of the matter:
• If your systems get breached, what will you do?
• If your systems get wiped out, what will you do?
It seems that every day we hear about cyber attacks, whether in the form of ransomware, DDoS, or the many other disruptive approaches deployed by criminals today. A recent study by the Disaster Recovery Institute (DRI) International identified the top three resiliency issues for organizations to address globally: Cyber Attacks, IT Interruptions, and Natural Disasters. According to research by IDC, “50 percent of healthcare organizations will have experienced 1-5 cyber attacks in the previous 12 months.”
Cyber attacks are now another risk category to be considered within your resiliency program, along with acts of nature (hurricanes, floods, fires, earthquakes); terrorism; and human error. However, this particular risk category changes the recovery dynamic because you will likely have a different approach within your DR plan for recovering from a cyber attack.
IT DR focuses on the worst-case scenario, which is the loss of your primary operating environment and critical systems.
In this case, you must recover your most critical systems quickly and likely at an alternate location. Your less critical systems also require recovery plans and must be recovered; however, they can be addressed later in the overall recovery effort.
A DR mindset will help you think deeply about risk mitigation and how to structure your systems to survive anomalies such as cyber attacks. So, how resilient are your systems and what kind of recovery plans do you have in place? And, most importantly, do the recovery plans work?
Cybersecurity has become a major marketplace with a huge shortage of skilled workers globally. This field demands a new breed of worker who possesses a varied skillset and is comfortable using the new tools and processes that have been developed. The tools take advantage of new monitoring techniques, both real-time and historical, and can dive deep into pertinent infobases to derive inferences for taking action.
These tools look at your physical infrastructure, networks, and applications. They force us to pay closer attention to our applications and scan frequently for both coding vulnerabilities and configuration errors. This field requires a good understanding of the fixed physical environment made up of the many devices that are permanent within your data centers, equipment racks, wiring closets, behind the walls, and above the ceilings of your building(s).
Much of this knowledge about your IT infrastructure and systems is found within your IT DR team. I suggest they be closely linked to, if not part of, your information security organization. They can bring a lot to the table when thinking about point-in-time recovery options to help address cyber attacks and approaches for recovering your systems. After all, they prepare for the worst-case scenario.
IT DR focuses on recovering your systems to meet their stated RTO and RPO by deploying various technology solutions. When cyber attack is added to the risk equation, it will affect how you design your systems to achieve the added level of resiliency.
Today’s cyber criminals are forcing CIOs to “react” and think differently about the viability of their systems. Not only must their systems be quickly recoverable to meet the needs of the organization, they must also be bulletproof. I believe this is yet another driver of change, and an important quality to seek in the type of leaders that organizations need today. We must be vigilant.