How to Optimize Disaster Recovery Plans to Withstand Cyberattacks

As cyberthreats continue to compromise the safety of healthcare organizations, IT leaders must reassess protection and recovery strategies.

Disasters strike more often than anyone likes to admit, threatening to take systems offline and lose data to the ether. This is why healthcare organizations, regardless of size, are required to implement a disaster recovery solution.

But as technology evolves, threats are advancing alongside it. Moreover, being compliant and being secure are not the same thing — and while having a disaster recovery plan may make your organization compliant, it won’t necessarily make it more secure.

MORE FROM HEALTHTECH: Check out how the cloud improves backup and recovery for healthcare orgs.

Disaster Recovery Meets Cybersecurity 

While most IT teams have plenty of experience preparing for physical and human-related disasters, cyberthreats present a new and more dynamic challenge. To effectively protect against evolving cyberthreats, healthcare organizations should view DR as just one component of a cybersecurity plan. Ensuring it's an effective part of an overall security plan requires IT teams to ask certain questions to put the right structure in place.

Teams should ask what systems the organization has in place that can:

  • Prevent and detect intrusion
  • Prevent account compromise
  • Monitor file access and potentially malicious activity
  • Restrict inbound and outbound web traffic
  • Protect email from phishing, malicious attachments and other threats

Teams should also ask:

  • Do we have firewalls in the right places and performing the right functions?
  • Do we have staff trained in security measures (system hardening, for example)?
  • Do we have sufficient real-time monitoring and alerting to stop attacks?

Typically, these questions are overlooked by IT teams seeking to develop a disaster recovery plan.

Identify Potential Disaster Recovery Gaps in Cybersecurity Plans

Performing a cybersecurity risk assessment against a DR plan can be the easiest way to identify potential gaps. One of the first steps in this process for IT leaders should be conducting a likelihood/impact analysis for each type of cyberthreat against the organization's recovery solution. This will allow the IT team to determine the technical likelihood that malicious software could impact the DR setup, and will help them understand the different ways malicious software or activity could be used to cripple local systems and the DR arrangement.

Additionally, teams should seek to figure out which controls or countermeasures the organization has in place, as well as what is still needed to effectively protect against threats. If malicious activity compromised an organization’s systems, what would recovery look like? Map out what third-party assistance IT teams could leverage quickly if a cyberattack overwhelmed staff.

While healthcare organizations may not be able to prevent a cyberattack from happening, taking steps to prepare for an attack can go a long way in helping to mitigate the impact and enable faster recovery.

MORE FROM HEALTHTECH: Learn more about how flash storage can optimize backup and recovery.

3 Threats for Healthcare Organizations to Consider

Disaster recovery efforts are typically aimed at protecting against three types of threats:

  1. Physical threats include fire, flood and storms, as well as unexpected destruction of the data center. These are the kinds of DR scenarios IT and security leaders have been addressing for decades, and they’re fairly easy to understand and plan for.
  2. Human threats generally consist of errors (unintentional harm) and malicious insiders (intentional harm). From accidentally deleting a set of files to misconfiguring file shares, most mishaps can be corrected by fixing the error or reverting to backup copies. DR plans can account for these kinds of errors by thinking through the countermeasures needed to correct the most impactful errors. Malicious insiders, meanwhile, are those who have been granted access and intend to do harm either out of spite or for financial gain. These threats are difficult to address via standard DR plans and have more similarities to digital security hazards.
  3. Cyberthreats include insider threats, external malicious hacking and everything in between. In these cases, standard DR solutions may or may not cover the organization’s risk, though most executives or boards believe that because they have a DR plan, they are covered. Unlike typical events, such as fires, cyber events, are dynamic and come with a high likelihood of occurrence and a low likelihood that they can be mitigated by traditional DR methods.
More On Backup and Recovery, Disaster Recovery, Endpoint Security,