An Era of Growing Regulations in Cyber Resilience
In today’s evolving threat landscape, cyberattacks are inevitable. In response to the rise in cybercrime, we are entering an era of cyber resilience regulation. Authorities understand the critical role that digital infrastructure plays in modern life, and the EU is tackling systemic risk in critical digital systems with ever more regulation and compliance.
To this end, two new regulations heavily focused on the financial and critical infrastructure sectors, the Network Security and Information Directive 2.0 (NIS2) and the Digital Operational Resilience Act (DORA), are coming into force in late 2024 and early 2025. These new regulations aim to help organisations build cyber risk management and operational resilience into their critical business systems by demanding higher levels of visibility, control, monitoring, and reporting.
Minimising downtime and business disruption
One of DORA’s key focus areas is business continuity: it outlines that institutions must deliver secure and highly available solutions and services to meet compliance targets. It states that organisations must minimise any downtime or disruption to business and get systems back up and running as quickly as possible.
Ransomware is currently one of the most common forms of cyber-attack and has affected three out of four organisations in 2024, according to a recent report from Veeam. Financial institutions are under constant threat due to the types of data they hold, with personal data as well as payment and bank account details being the most highly sought-after by cybercrime gangs. We all know that ransomware is highly disruptive, and we have had customers hit by ransomware attacks which have affected their IBM Power Systems and IBM i estate due to its integration with other systems. While IBM Power Systems servers continue to lead the market in performance, scalability, security and cost-efficiency, unfortunately integration with other systems can create attack vectors.
Therefore, financial institutions must look at how they modernise all their third-party supplier systems and resources and how they can create more resilience for their critical information systems. This is where a clean room for data recovery after a breach is essential. In fact, as financial institutions become more aware of the impact that such attacks can have on their organisation, we have seen more clients start to invest in and deploy clean rooms.
Clean Room Operational Resilience with IBM Power Systems
An isolated portion of your IT estate
For those less familiar, a clean room is a completely isolated portion of your IT estate separate from the infected systems. Restoring operations in a secure bubble enables organisations to recover completely from a breach in a safe and secure way, as attackers no longer have access to the infrastructure. Any systems affected by ransomware or malware are placed into a segregated environment so that they can be cleaned up and then put back into production. This not only speeds up recovery but means that infected files don’t impact day-to-day operations because they are completely off-grid and in an entirely separate environment free from potential remnants of malware, corrupted files or backdoor vulnerabilities left by hackers.
This approach is critical to breaking the attack chain. It means systems can be restored within days, as opposed to weeks or, even worse, months. The average time to restore systems without a clean room in place is 23 days. For many, this could put the organisation out of business, let alone the reputational damage they may incur. Additionally, a clean room data recovery ensures that an organisation meets regulatory requirements for safe and secure restoration after a breach. It helps ensure adherence to legal and regulatory frameworks, potentially avoiding fines and legal liabilities. But more than that, organisations have confidence in their restored systems while reducing any risk of data corruption. It also helps to minimise reputational damage because by taking the time to perform a clean room data recovery, organisations are demonstrating their commitment to secure practices, boosting confidence among customers and other stakeholders.
Clean rooms for critical workloads
The clean room concept isn’t new, and many organisations with VMware estates and primarily a Windows environment use clean rooms regularly. However, it is not used as often with critical workloads like those running on IBM Power Systems. A clean room should nevertheless reflect a customer’s whole estate, as it is definitely a faster way to get a business back online after an attack.
One of our clients, a well-known finance and insurance company, has been very active in preparing for DORA and has completely modernised its operational resilience, in particular how it works with its third-party ecosystem. For a hyperconnected digital business like this one, even a small disruptive event can ripple through the entire organisation. While the insurance company has business continuity and backup plans in place, it wasn’t confident that these plans would deliver operational resilience during the moment of truth. This is where we helped to deploy a clean room data recovery approach, which helped our client achieve the protection it needed for the organisation as well as its supplier ecosystem and the operational resilience required to ensure compliance.
Change and uncertainty are here to stay
Today, the world is becoming increasingly uncertain, and as risks proliferate, IT leaders must look beyond a crisis management approach to cyber-attacks to be able to achieve operational resilience. A review of an organisation’s operational resilience posture must prioritise a clean room for recovery.
As the stakes get higher, achieving operational resilience is a business imperative. Many organisations have witnessed devastating outages over the past few years, some of which could have been avoided. The road to recovery after a cyber-attack can be fraught with challenges and costs, but by adopting a clean room recovery approach for their IBM Power Systems Servers, our clients are significantly streamlining the process and enhancing the security and confidence in their restored systems. In our hyper-digitised era, I would encourage all our IBM Power clients to take a more robust approach to cyber and operational resilience around their critical systems – it could make the difference between a temporary setback and blip versus a long-term catastrophic event.