With the ever-growing prevalence of ransomware attacks, we thought it was important not only to reiterate the importance of ensuring you have an effective backup and recovery strategy in place, but also to provide advice and guidance on the steps you can take to maximise its effectiveness.
Taking regular backups of your organisation's data is a key measure to insure yourself against the worst outcomes stemming from a multitude of threats, including:
Whilst taking regular backups is important, it is a worthless exercise if they cannot be accurately restored when needed. Testing your backups to ensure they can be recovered is important, but once you have established that they work, how do you ensure your backup represents a full account of the lost data, and that it can be redeployed swiftly and accurately in the event you need to call upon it?
Many businesses adopt a weekly backup strategy, regardless of how often their data changes. If you perform your backups just before close of play every Friday night, but then suffer a ransomware attack and lose your database on a Tuesday night, what happens to the data from Monday and Tuesday?
As part of an effective backup and recovery strategy, it is important to consider your Recovery Point Objective (RPO), i.e. the maximum acceptable age of your data at the point of recovery before the disruption becomes intolerable. For example, if you worked out your RPO at 60 minutes, then you will need to back up your business data every 60 minutes.
Your RPO is often driven by your database solution that records transactions with customers. The process to work it out is based on the severity of how your system is impacted and what systems depend on the database to function correctly.
Questions you may ask when defining your RPO include:
If the interval between your backups is longer than the RPO, whilst you will be able to recover some of your lost data from the backups, some data will still be missing. In many instances this means the restored data is no longer useful and, despite a successful recovery from the backup, the database will be useless.
A second important element to account for is the Recovery Time Objective (RTO). Using your sales platform as an example, this measurement focuses on how long the backup takes to recover. The RTO is usually a business-driven factor based on the cost of not serving customers and breaching contracts.
It is important to work out how long it would take to recover your data, the cost of doing so and the implications of not having access to the system. In theory, the data can often be recovered, but in practice, it may take too long to be of any use.
Questions to ask to determine your RTO include:
In both situations, an incorrectly specified RPO or RTO can create a situation where a backup system works and can be restored, but the business does not gain the benefit it expected from the backup.
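To make the two objectives concrete, the following added example (not from the article or SES) checks a backup schedule against an RPO and restore-drill timings against an RTO, using the article's weekly Friday backup and Tuesday-night incident as constructed sample data. Timestamps, the hourly comparison schedule and the drill durations are assumed values for illustration.

```python
from datetime import datetime, timedelta

HOURS = 3600.0

# Constructed sample data (not from the article): completion times of a
# weekly Friday-evening backup, the same week backed up hourly, and a
# ransomware incident on the following Tuesday night.
WEEKLY_BACKUPS = [datetime(2022, 3, 4, 17, 30), datetime(2022, 3, 11, 17, 30)]
HOURLY_BACKUPS = [datetime(2022, 3, 4, 17, 30) + timedelta(hours=i)
                  for i in range(7 * 24 + 1)]
INCIDENT = datetime(2022, 3, 8, 23, 0)


def data_loss_hours(backups, incident):
    """Hours of data lost: the age of the newest backup completed before
    the incident. None means no usable backup predates the incident."""
    usable = [b for b in backups if b <= incident]
    if not usable:
        return None
    return (incident - max(usable)).total_seconds() / HOURS


def worst_case_loss_hours(backups):
    """Largest gap between consecutive backups: the most data the schedule
    can lose when an incident strikes just before the next backup runs."""
    ordered = sorted(backups)
    gaps = [(b - a).total_seconds() / HOURS for a, b in zip(ordered, ordered[1:])]
    return max(gaps) if gaps else None


def meets_rpo(backups, rpo_hours):
    """A schedule satisfies the RPO only if its worst-case gap fits inside it."""
    worst = worst_case_loss_hours(backups)
    return worst is not None and worst <= rpo_hours


def meets_rto(restore_drill_hours, rto_hours):
    """The RTO is met only if every rehearsed restore finished within it;
    a backup that has never been restored cannot claim to meet any RTO."""
    return bool(restore_drill_hours) and max(restore_drill_hours) <= rto_hours


def assess(backups, incident, rpo_hours, restore_drill_hours, rto_hours):
    """Verdict for a backup review: data actually lost, worst case, and
    whether the schedule and the tested restores satisfy RPO and RTO."""
    return {
        "lost_hours": data_loss_hours(backups, incident),
        "worst_case_hours": worst_case_loss_hours(backups),
        "rpo_ok": meets_rpo(backups, rpo_hours),
        "rto_ok": meets_rto(restore_drill_hours, rto_hours),
    }


if __name__ == "__main__":
    print(assess(WEEKLY_BACKUPS, INCIDENT, 1, [3.0, 2.5], 4))
    print(assess(HOURLY_BACKUPS, INCIDENT, 1, [3.0, 2.5], 4))
```

With a one-hour RPO, the weekly schedule fails (worst case 168 hours, 101.5 hours actually lost in the Tuesday scenario) while the hourly schedule passes.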
SES’s information assurance team can help you understand RPO and RTO, assess whether your backup systems have the correct RPO and RTO, and even help run exercises to validate this. We can also help your team ensure your organisation is achieving ISO 27001 and ISO 22301 compliance if required. For more information, please contact one of our specialists.
This article was published in partnership with our cyber security partner PGI.
© SES Secure Limited and ses-escrow.co.uk, 2022. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content