What Is a Disaster in Cybersecurity?
A disaster in the context of cybersecurity refers to anything unforeseen that significantly puts your organization at risk because it interferes with necessary operations. This can include natural disasters like a flood or events caused by people, such as when a construction crew accidentally severs a power line or a water main.
A cyberattack is also considered a man-made disaster because it is unforeseen and can negatively impact the functioning of your business. In many cases, an interruption falls short of being a full-fledged “disaster,” such as when a backup generator is able to keep power flowing to essential systems.
What Is Disaster Recovery?
Disaster recovery is the way in which you resume regular operations after a disaster. This is typically accomplished through the resumption of essential activities and the processes and systems used to support them.
For example, part of most disaster recovery plans involves regaining access to data, software, hardware, networking equipment, connectivity, and power. In some situations, your essential facilities may suffer damage or even be destroyed. In this case, the activities necessary to restore function may also include logistical factors such as locating other places for employees to work, sourcing items essential for work—such as computers, desks, chairs, or transportation—and restoring communications.
Disaster recovery must go according to a disaster recovery plan, which is a detailed, documented set of procedures designed to minimize the amount of time it takes for the organization to recover.
How Does Disaster Recovery Work?
Disaster recovery depends on replicating data and essential computer processes in an area that will not be impacted by the disasters in question. In the event a server goes down due to a natural disaster, the business has to make sure it can recover any lost data at a secondary location where the data has been backed up. In an optimal setup, the business can transfer all essential computer workloads to the remote location with as little downtime as possible.
A disaster recovery plan should account for disasters that are both geographically dependent and those that occur regardless of physical location. For example, if a datacenter used for disaster recovery is a mile away from your place of business, it may be adequate to help the organization recover from a cyberattack. But if there is extensive flooding or a hurricane, there is a high chance the data-center will be impacted as well.
What Are Some of the Disaster Recovery Plan Elements?
Disaster recovery involves delving into a number of methodologies and technologies. However, every effective disaster recovery strategy involves the following five elements:
- A disaster recovery team: The organization assigns a team of people responsible for making, implementing, testing, and managing its disaster recovery plan. The plan must outline the role of each member of the organization, as well as their responsibilities in the event of a disaster. If a disaster happens, the team members must have predetermined methods of communication with each other, employees, customers, and vendors. The communication plan should account for likely infrastructure failures that may negatively impact email and other methods of conveying information.
- Evaluation of risk: The organization must figure out the various hazards that are likely to necessitate a disaster recovery plan. Then the appropriate measures should be designed based on the event type. This may vary depending on geographic location. A range of natural disasters—even those uncommon to the area—should also be accounted for. When considering what to do in case the organization suffers a cyberattack, the functionality of the systems and endpoints at risk must be included in the disaster recovery plan, as well as essential and sensitive data.
- Identification of business-critical assets: An effective disaster recovery plan documents the systems, data, applications, and related resources that are most essential to maintain business continuity. The plan should also outline the steps needed to recover and protect important data.
- Backups: First, the team needs to figure out what must be backed up or moved if a disaster hits. The organization also has to make sure the backup methods are established, as well as who will be responsible for creating the backups and performing any restorations or migrations. The plan should involve a recovery point objective (RPO), which dictates how frequently backups are made, and a recovery time objective (RTO), which outlines the maximum acceptable amount of downtime the organization is willing to tolerate after a disaster. The data from these metrics will serve as a guide as the IT team determines disaster recovery objectives.
- Testing and optimization: The recovery team is responsible for making sure the disaster recovery system is ready for an event by continually testing it and updating its various elements. For cyberattacks, for example, the team must make sure the security measures in place are up to date and reflect the most recent cyber threats on the landscape.
How to Create a Disaster Recovery Team?
A disaster recovery team includes the following roles:
- Senior Crisis Manager: The person in this role has the authority to implement the disaster recovery plan by communicating with disaster team members, employees, and customers to coordinate the disaster recovery efforts.
- Business Continuity Manager: This manager ensures the disaster recovery plan addresses the issues discovered from a business impact analysis.
- Impact Assessment and Recovery Manager(s): These IT and business experts assess the damage and fix IT infrastructure, servers, applications, and databases.
What Are the Types of Disaster Recovery?
There are several types of disaster recovery methods, and an organization can choose one or combine multiple techniques to suit their situation.
- Backup: Backup is the most basic kind of disaster recovery. Backing up involves storing data either off-site or in a removable drive. Backing up, on its own, is typically insufficient because the network infrastructure is still left without a recovery solution.
- Cold site: When an organization uses a cold site, they set up some of the most essential elements of their infrastructure in a remote site that is rarely used. If a disaster occurs, employees can relocate to the cold site and resume their work. Because a cold site typically cannot recover or protect data, it may be an insufficient solution on its own.
- Hot site: A hot site has copies of data that are regularly updated with essential data. They cost more to set up, but they allow a business to recover with far less downtime.
- Disaster-Recovery-as-a-Service (DRaaS): If an organization is struck with a ransomware attack, a DRaaS company shifts the organization’s computer processing to a cloud-based infrastructure. This makes it possible for the business to keep operations going even if its own servers are down. In many cases, an organization can benefit from lower latency by choosing DRaaS servers that are close by. However, some disasters may also affect the DRaaS infrastructure if it is physically close to the organization. Therefore, some companies opt for DRaaS providers with servers that are farther away.
- Backup-as-a-Service: With BaaS, a third-party provider is tasked with backing up the organization’s essential data. The IT infrastructure itself would still need a recovery solution, however.
- Datacenter disaster recovery: A data-center depends on physical elements to store and process data. Data-centers must keep elements such as fire suppression tools and backup power at the ready to reduce or negate the effect of disasters that can impact physical infrastructure.
- Virtualization: With virtualization, an organization can back up operations and data on a replica of pieces of its system. With some architectures, a complete replica in a virtualized environment is possible. The virtual machines, positioned off-site, can be used by the company to quickly resume operations. Virtualization also makes it straightforward to include automation as part of the disaster recovery solution. The transfer of data and workloads can be set up to occur frequently or on a regular basis, which ensures the recovery solution is up to date and ready to handle the necessary workloads.
- Point-in-time copies: A point-in-time copy is a snapshot of an organization’s entire database. If the data is unaffected by a disaster, a point-in-time copy can be used to restore data at a certain time in the past.
- Instant recovery: With instant recovery, both the data and the entire virtual machine are included in a snapshot, making it possible for data and processes to be recovered quickly.
What is Disaster Recovery as a Service (DRaaS)?
Disaster Recovery as a Service (DRaaS) uses cloud services managed by a third party to host and replicate critical path functions for full recovery in the face of a disaster. A service-level agreement (SLA) defines the role and responsibilities of the DRaaS provider in the recovery efforts and the timeline.
Disaster Recovery vs. Business Continuity
Disaster Recovery is part of Business Continuity. Business Continuity is a proactive effort to mitigate risks and plan for an organization's operations to continue regardless of the type of interruption. Disaster Recovery focuses on the IT infrastructure and systems needed by the organization to resume operation after an interruption occurs.
How Fortinet Can Help
An effective disaster recovery system is only as good as its security. With the Fortinet Security Fabric, you can make sure your disaster recovery infrastructure is safe from attackers, so you can be back up and running with the help of uncontaminated systems and data.
The FortiGate next-generation firewall (NGFW) provides deep packet inspection (DPI), making it an effective tool to use on the edge of your disaster recovery network. With DPI, FortiGate not only catches the threats that normal firewalls detect but it also uses artificial intelligence to look deep inside the contents of a data packet to identify malware and other threats that can impact your disaster recovery architecture.
The FortiWeb web application firewall (WAF) provides protection for your disaster recovery system against both zero-day attacks and threats to your web application programming interfaces (APIs). If your disaster recovery system incorporates a parallel system running a business-critical API, FortiWeb can keep it protected so it is ready to go to work immediately in the event of a disaster.