
Cyber recovery: the importance of the ‘last resort’ option


Being prepared for the unexpected is not just about storing data: it is about making data available, keeping it available, and being able to recover it under all circumstances, says Ruud Veenman, Sales Executive at E-Storage. We speak to him about cyber threats, data loss and recovery, E-Storage’s solutions, DORA preparations, and cybersecurity needs beyond the financial sector.

Preventing social unrest should be a priority

“At E-Storage, we work with some of the largest companies within the financial sector, the central government, healthcare, and service providers such as TMT and energy providers. With so many customers and such vital operations, you can imagine that these companies will also have the most disruptive effect on society when they get hit by a cyberattack.”

“Imagine Rijkswaterstaat becoming the victim of a ransomware attack, which makes them lose access to their systems. No bridge will open or close anymore, signs on the highway will stop working… All traffic in our country will come to a standstill.”

An analogy can be made with the financial sector, Ruud says. “The moment that one of the big banks gets attacked, the result will be hugely disruptive, because they might temporarily lose access to their bank account. A bank will be the first to say: don't worry, your balance is still there, and we will be back in business within 48 to 72 hours. However, customers don’t have that guarantee at that moment – something that will undeniably lead to social unrest.”

Getting ready for DORA

This makes the need for a reliable cyber recovery practice of great importance. And the financial sector is ahead of the game here, adds Ruud, with the new Digital Operational Resilience Act (DORA). This EU regulation aims to ensure that financial institutions can handle and quickly recover from disruptions, particularly digital or cyber-related. The DORA regulation entered into force on January 17, 2023, but financial institutions have until January 17, 2025 to comply with the regulation.

And there’s still a lot to figure out, Ruud says. “Financial institutions now have to find answers to questions such as: what’s our core process? What has to be up and running first? What is connected to what? And which measures do we have to take to be able to restore processes and systems?”

“In order to help our customers prepare, we therefore guide them through a five-step process, which very simply starts by creating awareness. Do organizations understand the consequences of a cyberattack? What are the financial and social consequences? Which damages can you suffer? Which fines can you get? By executing such an impact analysis, we can make clear where the gaps lie. We provide insights into the organization's recovery capabilities today and what is needed in order to comply with regulations.”

When those gaps are identified, concrete measures can be taken, Ruud adds. “Together with the customer, we look at how we can fill those gaps and what we need for it. That will include plans, people, security measures: the whole spectrum.” E-Storage then helps the organizations build and execute the plans, aligning them with DORA and other regulations.

Keeping data secure and available – at all times

In order to comply with DORA, banks must establish strong frameworks for managing IT risks, including reporting significant incidents and conducting regular resilience tests like vulnerability assessments and threat simulations. This means they need to be prepared for the worst – and be able to show that they have these measures in place.

One of the ways to do so is with E-Storage’s Cyber Recovery capability, Ruud says. E-Storage does so by building a data vault, which contains all the crucial data to be able to restart the core processes.

“Hackers cannot get to this vault, because it’s not on the network: they won’t be able to see it. Additionally, we prioritize strict privilege access management: employees that have access to the production environment will never have access to the vault.”

Ensuring a one-way data flow with the DataDiode

Data is imported from the production environment into the vault. That means viruses can also get into the vault, Ruud says. “The data in the vault needs to be secure, virus free, and available at all times. Scanning that data is therefore vital: but while the information has to be able to be sent outside the vault, nothing should come in. This is why we use the Fox DataDiode: the hardware-based solution ensures a one-way flow, making sure we can safely scan our data, without risking anything getting in.”

What if a cyberattack happens?

So what happens when things go wrong? “When a company gets hit by a cyberattack, all systems might be down or compromised. This is when we turn to the vault, as a last resort. We take all the data that is needed and bring it into a so-called clean room. In that clean room, cybersecurity experts will then go through the data to see what happened, and to ensure that the data that will be brought to the recovery environment is clean. Then, the restoring of processes can happen: we bring the data out of the vault into the recovery environment. That can be the existing production, but often that is just a new, clean, and isolated environment that is started up in the cloud or in the customer's data center.”

“Then, the organization can restart the applications. We ensure that the data is there, and they can then restart their most important applications. For example, a bank will want to make sure that customers can check their balance again.”

Building awareness – even beyond banks

Every organization is different, so every solution is different, Ruud says. “We look at every organization’s needs and risk profile to create a personalized solution. But at the same time, it’s important to realize that threats are evolving constantly. This means that your cybersecurity practice also needs to be updated constantly: it's not like you have one solution and that's enough for the next ten years. This is why we keep focusing on the importance of continuous innovation and practice.”

“And slowly but surely, we see that awareness growing – also in sectors beyond the financial sector. The government is starting to see the need for a strong cyber and cyber recovery practice, which is also happening in other sectors. And beyond that, organizations in every sector are starting to realize that not everything is safe in the cloud and that taking additional steps is probably needed.”

Building that awareness is an important first step, Ruud says. “Once organizations understand what’s happening, we are ready to help them with the rest.”

E-Storage enables organizations with the capability to recover the core business processes within the required timeframe, instead of paying bitcoins. For more information please check our website www.e-storage.nl