5 simple steps to modernise your cyber recovery strategy

Across industries, cyberattacks are on the rise, impacting organisations of all sizes. The Cyber Security Agency of Singapore (CSA) reports an increase in cybercrimes against businesses, both in scale and impact. In 2023, 84% of organisations surveyed in Singapore acknowledged falling victim to cyberattacks, with 53% admitting to paying ransoms to restore threatened data.

As awareness of cybersecurity risks intensifies, particularly those threatening mission-critical operations, IT security has become an essential part of enterprise digital strategy. However, many organisations express doubts about their data protection solutions. PwC’s 2024 Global Digital Trust Insights study found that cloud attacks are a primary cyber concern. Nearly every organisation (97%) shows gaps in its cloud risk management plan, with only 3% maintaining current plans addressing key cloud security areas.

Furthermore, more than 30% of companies surveyed do not consistently follow what should be standard practices of cyber defence. To create a more cyber-resilient approach to data protection, businesses can modernise and automate their recovery and business continuity strategies, leveraging the latest intelligent tools to detect and defend against cyberthreats.

Here are five components of a proven and modern cyber recovery strategy:

  1. Automated data vaults
    Cyber resilience cannot be achieved without a major component – the cyber recovery vault. It offers multiple layers of protection to provide resilience against cyberattacks, even from an insider threat. It moves critical data away from the attack surface, physically isolating it within a protected part of the data centre. Access to the vault requires separate security credentials and multifactor authentication. Additional safeguards include an automated operational air gap to provide network isolation and eliminate management interfaces that could be compromised. If a cyberattack occurs, organisations can quickly identify a clean copy of their data, recover critical systems, and get the business back up and running.

    Data vaults have been used effectively by public and private sector organisations, which often use them to securely store updated copies of their most critical data and applications. If a ransomware or data destruction attack impacts data and applications in the main production environments, threat actors still cannot access the contents of the data vault. Post-attack, as part of the incident response and recovery process, the clean copies of data and applications stored in the data vault are used to restore the production environment.
  2. Data isolation and governance
    Similarly, maintaining an isolated data centre environment that is disconnected from corporate and backup networks, and restricted from users other than those with proper clearance, is another method for ensuring a watertight cyber recovery strategy. When the air gap is in a “locked” state – where no data can flow – there is no access to any part of the solution. By isolating critical data, identifying suspicious activity, and accelerating data recovery, enterprises can more easily achieve cyber resilience.

    As early as 2017, the Singapore government became the first in the world to air-gap its protected systems by cutting off browser access from the computers of all 143,000 public servants. They had to use separate, dedicated internet terminals or devices to surf, preventing malware from infiltrating critical systems.
  3. Intelligent analytics and tools
    The democratisation of malware is in full swing, with tools like generative AI being used to create malicious code and applications. The World Economic Forum noted that the Asia-Pacific region experienced the highest year-over-year increase in weekly cyberattacks in the first quarter of 2023, averaging 1,835 attacks per organisation.

    However, the same technology that aids attackers can also be employed in defence. Machine learning and full-content indexing, combined with powerful analytics within the safety of a secure vault, are effective in threat detection. These methods include automated integrity checks to assess malware impact on data and tools to aid in remediation. Leveraging telemetry data from user behaviour, devices, and applications in a given environment, machine learning models can detect patterns of anomalies and respond swiftly. The use of AI enhances the speed and efficiency of responses to adversarial attacks within an appropriate policy framework.
  4. Recovery and remediation
    A robust cyber recovery strategy is increasingly seen as essential by business and government leaders. Despite this, many organisations in APAC and Japan lack confidence in their data protection solutions. The Global Data Protection Index 2022 reported that 59% of IT decision-makers in the region are not very confident in their ability to recover all business-critical data following a destructive cyberattack.

    In the event of an incident, remediation involves workflows and tools that perform recovery using dynamic restore processes and established data recovery procedures. This approach ensures quick and confident reinstatement of business-critical systems. Remediation must also include a comprehensive methodology for protecting data, along with damage assessments and forensics. These elements are essential in providing an organisation with the confidence and the most reliable path for the recovery of business-critical systems.

    In response to incidents, integrated recovery processes are essential. After an event, the incident response team should analyse the production environment to identify the root cause and implement appropriate recovery measures.
  5. Solution planning and design
    Expert guidance and services are crucial for helping organisations identify which business-critical systems require protection. They assist in creating dependency maps for associated applications and services and in determining the infrastructure necessary for their recovery. Zero trust, a cybersecurity model, transforms the approach to security from relying solely on perimeter defences to a proactive strategy that permits only verified activities across ecosystems and data pipelines. It enables organisations to better align their cybersecurity strategy across data centres, clouds, and at the edge. Additionally, these services are instrumental in developing recovery requirements and design alternatives. They identify the technologies needed to analyse, host, and protect data, and they aid in formulating a business case and establishing an implementation timeline.

Cyber resilience demands a multi-layered approach to cybersecurity. Beyond advanced threat protection and security training for employees, a strong cyber recovery strategy enhances cyber resilience. It protects backup systems from corruption and ensures quick recovery of business-critical systems, applications, and operations after an attack. Cyber resilience is more than a strategy; it’s a comprehensive framework involving people, processes, and technology to safeguard an entire business, organisation, or entity. This three-pronged framework prepares businesses to rapidly respond to and recover from disruptions caused by cyberattacks.