The recent global IT challenges and impacts offer a sobering preview of the potential disruption caused by a catastrophic cyber attack. This minor technical incident should prompt every organisation to scrutinise their resilience and readiness for more severe situations going forward.
A Glimpse of the Future
As disruptive as the recent outage was, its resolution was incredibly simple. I say that with genuine, heartfelt sympathy for everyone impacted as a customer, and for those who lost a weekend and are likely to be working long hours this week on recovery.
Each affected device only required an engineer to delete a specific file, allowing the system to reboot without data loss or the need to reinstall applications. Compared to a targeted attack, this is an unbelievably quick and simple remediation. Authentication and authorisation systems remained intact, as did backups, networks and firewalls (for the most part). However, imagine an attack of tens or even a hundred times the complexity, with data damage, or with individual machines needing to be rebuilt rather than rebooted. The recovery would be far more complex and time-consuming, potentially becoming an enterprise-level existential threat. Obviously, I speak from experience with this situation and can't express strongly enough how much better, and cheaper, it is to be prepared for this scenario rather than having to get creative at the time.
Based on what we have seen in the most recent issue, it's fair to hypothesise that in a scenario where data is lost, operating systems need reinstallation, applications need reconfiguration, and authentication systems require rebuilding, the recovery process would transform from a few days of work into weeks or months. In many sectors I am sure that would come with severe regulatory, financial, and reputational repercussions; in extremis, we would see some household brands cease to exist.
The Growing Threat Landscape
Bad actors are developing increasingly sophisticated attacks, targeting deeper levels of the technology stack. This amplifies the potential damage and complexity of recovery efforts. Organisations need to prepare for scenarios where normal operations are significantly disrupted.
Microsoft reported that the recent global IT outage affected 8.5 million devices, only 1% of the global number of devices. Even with a relatively straightforward fix, it took some of the world's largest companies several days to return to normal operations. Now, consider the same number of devices, or significantly more, being wiped or held for ransom. Consider the effect if networks or key technical components such as Active Directory were impacted.
In short, we must focus more of our efforts on being well prepared and well rehearsed for these types of incidents.
Key Questions for Preparedness
What is the minimum viable business operation needed to function during a crisis?
In what sequence should services be recovered?
How should data reconciliation be managed?
How will communication with staff and customers be maintained?
Strategic Imperatives
Organisations must adopt a holistic approach to operational resilience, from strategic planning and architecture to detailed operational recovery plans. The recent outage should serve as a critical warning and an opportunity to enhance resilience against future threats, both cyber and operational.
Conclusion
The global IT outage is a fortunate escape and a dire warning. Organisations must develop and rehearse comprehensive recovery plans to withstand and quickly recover from potential catastrophic cyber attacks. Strengthening resilience is not just about recovery—it's about ensuring continuity and minimising the impact of disruptions on operations.
By learning from this incident, organisations can fortify their defences and ensure they are better prepared for the evolving landscape of cyber threats.
Action Steps:
1. Evaluate and Enhance Resilience: Regularly assess your organisation's readiness for severe operational impact. Assume you can't recover systems, and plan for manual emergency processes.
2. Prepare for Complex Recoveries: Understand and plan for extensive recovery efforts, including enterprise-level bare metal recovery.
3. Develop and Rehearse Detailed Plans: Create comprehensive recovery plans and regularly rehearse them to ensure preparedness for all potential scenarios. Make sure these are stored somewhere other than your own network.
At VaultSentinel, we have developed a unique recovery solution that holds your complete production estate in a secure vault and supports you in recovering your business service by service, with a single click per service.
Having been through the doomsday scenario for real during the NotPetya attack, this is the tool I wish I had had.
If you want to find out more about the VaultSentinel solution, please email Sean.Driscoll@vaultsentinel.com or Andrew.Kirkby@vaultsentinel.com