Breached! Now, Every Second Matters …

Tick, tock, tick, tock… time is of the essence in a security breach.

The problem is that many companies are in disarray when there is a breach. The root cause lies in our perception gap. We have mostly focused our attention on detecting, isolating, preventing, and learning from previous attacks. But when it comes to recovery, not so much.

Attackers are also getting equally good at evading, misdirecting and intruding, while working as syndicates. Motivations have shifted to zeroing in on personal data and corrupting backup data, making ‘quick recovery’ a challenge. Companies are becoming more vulnerable to third-party risks through tighter integration, IoT, reliance on real-time data and subscription to cloud services. Regulators are also demanding sheltered or clean harbor clauses, more frequent disaster recovery tests, and hefty fines for non-compliance.

The longer the breach, the greater the adverse business impact and the need for rapid recovery.

So, when a cyber breach occurs, companies that are unprepared for rapid recovery are essentially gambling with their business reputation and future viability.

Obviously, things need to change.

Think Holistically, Don't Look for a Band-Aid

What happens during a breach? Take this scenario for example.

The CISO follows the required steps to mitigate the risks, in collaboration with other teams. This will include alerting the appropriate authorities, taking preventive measures, isolating the breach, and analyzing the threat patterns. The IT and disaster recovery team will also look to either failover from production to a disaster recovery system or access backup data.

The reality is more complicated.

As the video suggests, sophisticated malware can be devious and, in some cases, corrupt backups. So you may unknowingly be doing more damage when you recover from corrupted copies. Knowing which copies are clean becomes critical in a breach when every second counts.

Time ticks faster during a cyber breach. Some malware is designed to propagate swiftly and infect laterally, corrupting multiple systems within seconds. In today’s integrated infrastructure, the breach may even pose a growing threat to your customer and partner systems. So stopping an attack should not be the only concern; recovering from one quickly to keep customer and partner systems from going down is just as essential.

In such scenarios, a backup system only provides half the answer. Instead, companies need to take a step back and look at their entire approach to handling a cyber breach holistically. We call it cyber resilience.

The 2019 Cost of a Data Breach Report by the Ponemon Institute shows that data breaches originating from a malicious cyber-attack were not only the most common of the breaches, but also the most expensive. What’s more, the average number of days an organization needs to contain a cyber attack may be over two months, or 84 days. Hackers are also spending an average of 230 days inside an organization before being discovered.1

A cyber resilience approach aims to address these issues and more from a holistic point of view. At IBM, we also see cyber resilience as being about simplification, scalability and speed. Our purpose-built IBM Resiliency Orchestration with Cyber Incident Recovery simplifies testing without impacting the production environment; reduces the time needed to detect data corruption, enabling faster response; uses efficient point-in-time recovery to keep recovery point objectives (RPO) optimized; scales to handle large, site-level detection and recovery in minutes; and improves visibility and reporting for addressing changing regulatory requirements.

To achieve these, the solution relies on a modern cyber resilience architecture. It features immutable storage based on write-once-read-many (WORM), air-gapped protection that isolates the backup and production environments, configuration data verification, and automation of the end-to-end manual recovery processes for data, applications, and all infrastructure components at the click of a button. Resiliency Orchestration helps speed solution implementation by leveraging an extensive library of more than 600 predefined patterns that can be combined to build intelligent recovery workflows for enterprise applications that span multiple technologies, including hybrid, multi-vendor, physical and virtual environments.

The dashboard and reporting capabilities keep both the management and working teams informed of their real-time DR posture and recovery capabilities. These capabilities enable organizations to meet the required RPOs and RTOs (SLAs), and meet the objective of continuous business operations.

Changing the CIO-CISO Conversation

IBM Resiliency Orchestration with Cyber Incident Recovery adds a step that often gets overlooked: getting the CIO and CISO to collaborate.

CISOs traditionally focus on improving cybersecurity and mitigating cyber risks; CIOs are responsible for the overall IT architecture, mitigating disaster recovery risks and how IT is aligned with the company’s goals.

The IBM Resiliency Orchestration with Cyber Incident Recovery is designed with both roles in mind. It combines all the security responsibilities of a CISO with the IT objectives of the CIO. It also offers reports and numbers that both can use to create the right cyber resilience plan for their organization.

When, not if, a cyber breach occurs, the company will be ready.

For more information about IBM Cyber Resilience Services, please go here.



1 – 2019 Cost of a Data Breach Report, research sponsored by IBM, independently conducted by Ponemon Institute LLC, July 2019

Director of Sales, Europe, Asia Pacific, Greater China Group, Resiliency Orchestration, IBM Global Technology Services

Anurag Kuthiala

Executive Solutions Leader, Europe, Asia Pacific, Greater China Group – Resiliency Orchestration, IBM Global Technology Services
