There is no question disaster recovery plans are the parachute that organizations depend on when everything else around them fails. With the recent pandemics, hurricanes, wildfires, global heatwaves, cyberattacks, and other unpredictable events disrupting business, it is obvious disaster recovery is more critical than ever before. Organizations need a modern disaster recovery plan that works at the time of any unexpected disaster, today or beyond.
Sure, service outages and data loss are not only caused by natural disasters, power outages, hardware failure and user errors; more and more organizations experience business disruptions caused by critical third-party service providers and cybersecurity-related incidents. Many organizations do not take critical service provider related events into account when establishing their disaster recovery plans and strategies. As organizations have transformed to a cloud-first and software-as-a-service infrastructure model, the control of the infrastructure and disaster recovery planning is now in the hands of someone else.
A prime example of an industry with many critical service providers is the Financial Technology (“FinTech”) and financial services industry, where firms must consider critical vendor and service provider relationships in disaster recovery planning. Firms have to consider whether vendors that provide critical services such as clearance and settlement, banking and finance, trading support, fuel, telecommunications, electricity, and other utilities also have adequate disaster recovery and resiliency plans. Firms must also take into account that many of these service providers could be impacted by the same regional or widespread communication, transportation, and electricity challenges.
Highly regulated financial firms are also required to maintain business continuity and disaster recovery plans with other firm operational procedures. Having a written policy is not enough to meet financial regulatory requirements. Firms must also demonstrate recurring testing, implementation, and provide evidence that plans are tested and policies are communicated to employees. Disaster recovery from cyberattack and ransomware is very much a reality for the financial services industry and preparedness is also a focus of the financial regulators.
Service providers are a popular target for hackers, as they can be used to launch supply chain attacks. In recent years, ransomware has been a highly visible and recurring threat to every organization in all industries. Organizations have a much better awareness of the ransomware threat to business resiliency. In fact, WannaCry, NotPetya and LockBit did us a service in helping raise awareness of ransomware and the consequences of an attack. Too often cyberattacks are seen as a security threat, not an operational and business resiliency risk.
Recently, digital security giant Entrust suffered a cyberattack where threat actors breached their network and stole data from internal systems. Entrust claims to have more than 10,000 enterprise customers using Entrust solutions to enable trusted identities, payments, and data protection. Many organizations use an Entrust SSL Certificate and other tools as a layer of the security arsenal. Over the Fourth of July holiday weekend, SHI International was the target of a coordinated and professional malware attack. SHI claims to be one of North America’s largest IT solutions providers, with over 15,000 corporate, enterprise, public sector, and academic customer organizations worldwide.
These attacks came 2 months after cybersecurity authorities of the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA, NSA, FBI) published a joint Cybersecurity Advisory (CSA) warning of an increase in malicious cyber activity targeting managed service providers.
Cyberattacks, natural disasters and human error are inevitable and will cost organizations hundreds of thousands of dollars, maybe millions, or worse, put them out of business. There are countless stories of organizations paying ransomware demands, losing sensitive data, and paying exorbitant expenses in regulatory fines and legal fees due to poor resiliency planning and a poor ability to recover from disasters.
It is essential every organization in all industries understand what is at risk and what they must do about it. Reliance on service providers may lead to significant disruptions when that service provider is unable to operate. Organizations should consider contracting with multiple providers to provide a failover to a different service provider if necessary. Organizations should also consider evaluating how a provider’s disaster recovery and contingency plans will affect customers’ ability to operate.
Disaster recovery is complicated and requires ongoing planning, attention, maintenance and testing to ensure your organization is prepared for whatever comes today and beyond.
References:
CISA alert (AA22-131A) “Protecting Against Cyber Threats to Managed Service Providers and their Customers” https://www.cisa.gov/uscert/ncas/alerts/aa22-131a
bleepingcomputer.com – IT services giant SHI hit by “professional malware attack” https://www.bleepingcomputer.com/news/security/it-services-giant-shi-hit-by-professional-malware-attack/
Did a Hacker Break into the Entrust Network? Is the Entrust SSL Certificate a part of your security arsenal or are you an enthusiast for cybersecurity? https://securityboulevard.com/2022/07/did-a-hacker-break-into-the-entrust-network
Bio
Michael Marrano is the founder of Riskigy and a cybersecurity professional focused on providing Virtual CISO and Cybersecurity services for clients. With his boutique cybersecurity consulting and advisory firm, he provides high-quality services to organizations in various verticals ranging from high-tech to highly regulated financial and publicly traded firms. Michael has been honing his skills as a real-world technology and information security practitioner over the last three decades. Michael is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and a Cyber and Homeland Security graduate degree scholar from Fairleigh Dickinson University.
Connect with Michael on LinkedIn www.linkedin.com/in/michaelmarrano