Taking a forensic approach to security and recovery

With attacks on the rise, the best line of defence against cyber attacks is to be prepared

Sponsored Article

28th November, 2021

If all organisations are targets for cyber criminals – and this year has taught us that they are – then it is no surprise that how to respond to this lurking horror is a frequent topic of debate in boardrooms around Ireland.

However, Brendan Healy, services director with Triangle Computer Services, which specialises in providing managed services for IT infrastructure and critical systems, said that people may be surprised at how well some businesses are prepared.

“We expect people to be protected, to take the right measures, but what we hear is mixed,” he said.

Indeed, the natural expectation is that all businesses have done everything they can, but confusion is one of the key drivers of stasis in cyber security.

The reality today is that, yes, businesses need to take measures to protect their data, but they also need to be prepared for a breach.

Certainly, 2021 has been a tough year: according to Risk Based Security in the US, data breaches in the first half of 2021 exposed 18.8 billion records, while an analysis conducted by the Ponemon Institute for IBM found that the costs driven by breaches rose in 2021 to the highest average total cost in 17 years.

Healy said that having the right back-up measures in place was essential, but that cyber criminals were well aware of this.

“Your back-up data is the primary target of [malware] encryption,” he said.

Measures such as ‘air-gapping’, immutable filesystems that cannot be re-written to, and intelligent forensics can stop hackers’ attacks on back-ups in their tracks.

“You need to ‘air-gap’ it, but the real help is forensics. Adding forensics means that we can look into the data and check for patterns associated with attacks,” Healy said.

One reason why this is important is that attackers tend to lurk in systems for months before launching their attacks. As a result, going back to a back-up may not remove malware from systems.

The forensic process itself keeps a close eye on the tiniest of details, as the tactics used by cyber criminals continue to grow increasingly sophisticated.

“Hackers actually encrypt parts of files. Our software goes into the data and looks for patterns that show that,” he said.


Restore and reset

The goal, of course, is to get back up and running, but how rapidly a business needs to get back online depends on the nature of the business. All businesses need to recover quickly, but for some, expectations are very high. Healy said that the recovery process, from discovering the hack to going offline and rolling back to back-ups, needs to be fast.

“Getting the business up and running should take no more than 24 to 48 hours, but for a financial institution you’d want to get that down to under 12 hours,” he said.

This kind of response will become increasingly common, though, as banks are pathfinders in the area.

“Banks have always been a target, so they’re used to it,” he said.

Triangle’s managed security drives value by bringing not only specialised technologies but also specialist skills, he said.

“You want people who are used to doing it. You don’t want to be learning as it happens, and you don’t have time to.”

This is only underscored by the global skills shortage in cyber security: in recent years many businesses have found that they cannot afford to pay the salaries demanded by in-house security professionals – if they can find any in the first place. Triangle, he said, brings these professionals to its clients.

“It’s a very specialised field,” Healy said.
