9 min read time

Complying with Global Cyber-Security Regulations

by   in Portfolio

Introduction

It is quite likely that you are doing business in a territory that either directly or indirectly forces you to have a reasonable backup and restore policy in place. Some areas like the European Union (EU) and Australia have legislation in place that requires organizations to be well prepared for cyber-attacks. Other countries like the United States and Canada are suggesting secure behaviors for digital infrastructure. In either case not following these regulations or suggestions can have very severe financial impacts on your organization. In Europe and Australia organizations face high fines when not complying with GDPR and NIS2 regulations. The maximum fine for not conforming with GDPR is € 20 million or up to 4% of total global turnover. € 4.4 Billion of fines have accrued since the inception of GDPR until end of 2023. In Northern America data breach settlements and their drastic payments following cyber-attacks can put organizations out of business. First American insurance agreed to a settlement of $ 1 Million due to cyber-security violations in late 2023.    

 

Why backup and restore is a powerful protection against the consequences of cyber attacks

Backup and restore strategies serve as a powerful line of defense against not only cyber-attacks, particularly ransomware. In the event of a cyber-attack, crucial data can be lost or held hostage, causing significant disruption to operations, and potentially leading to substantial financial loss. However, having a robust backup and restore strategy in place ensures that even if data is compromised, a copy is safely stored and can be restored. This not only minimizes downtime but also reduces the leverage cybercriminals have in ransomware attacks. By regularly backing up data and ensuring it can be effectively restored, organizations can maintain business continuity and resilience in the face of cyber threats. It's a critical component of a comprehensive cybersecurity strategy.

Why backup and restore should include AI-based malware and ransomware detection

AI-based ransomware detection plays a pivotal role in swiftly identifying and mitigating ransomware attacks. Traditional security measures often rely on known signatures or patterns, which can be ineffective against novel or sophisticated ransomware strains. However, AI can analyze vast amounts of data and identify subtle patterns or anomalies that may indicate a ransomware attack, even if the specific strain has never been encountered before. This allows for quicker detection and response, limiting the potential damage and can detect other unwanted anomalies as well.

 

How OpenText Data Protector ensures organizations are compliant with cyber-security and data protection legislations globally.

 

Data backup and restore

Contemporary digital enterprises require robust defenses against cyber threats that could be launched by external or internal malevolent entities. These threats encompass viruses, data infringements, denial of service (DoS) attacks, and ransomware. To combat these hazards, To be compliant with regulations, IT teams must be ready to recover all data and recommence operations in minimal time following an assault. Backup and Recovery ought to be the cornerstone of a cybersecurity and cyber resilience strategy for every organization's digital resources.

OpenText Data Protector is an enterprise-scale data backup and restore software solution that provides fully integrated functionality for heterogeneous environments. It delivers secure, compliant backups of all company data from a single management point.

Fast restoration ensures operations quickly return to normal, minimizing revenue loss and maintaining reputation. Anomaly detection integrated into data backup and restore systems eliminates the need for additional licenses and cost for ransomware detection software.

In summary, OpenText Data Protector is a very flexible and comprehensive solution for data backup and recovery, offering robust protection against cyber threats and ensuring compliance with data protection regulations globally.

AI based ransomware detection

Irregularities in backup data can be vital signs of a ransomware intrusion. Ransomware inherently modifies data through encryption, and these modifications can be identified as irregularities. For example, an unexpected surge in the volume of altered data in a backup might suggest that files are being transformed by ransomware encryption. Likewise, recurring disruptions in backup procedures could signal that ransomware is meddling with standard operations.

Furthermore, if files that typically remain constant and seldom vary (like system files or old data) begin to exhibit changes, it might indicate ransomware involvement. Additionally, the detection of known ransomware file extensions or ransom messages in a backup can be a definitive sign of an intrusion.

It's crucial to understand that while some of these irregularities can hint at a ransomware intrusion, they might also be attributed to other causes. Hence, any irregularity detection should be incorporated into a comprehensive, multi-tiered cybersecurity approach. It's always advisable to promptly examine these irregularities to counter potential risks.

Data Protector employs machine learning to identify irregularities in backups that could suggest ransomware assaults and other harmful digital activities. These unusual activities are displayed on the Data Protector dashboard and should be immediately checked.

Administrators can simply click on the irregularities to access the details page for each anomaly. From this page, administrators can understand why an activity has been flagged as an anomaly and determine whether it is expected behavior or potentially malicious activity.

Implementing Artificial Intelligence in Data Protector is straightforward. The only action required from an administrator is to activate anomaly detection. Once activated, the system begins to identify and report anomalies on the Data Protector dashboard for human verification.

The integration of anomaly detection into data backup and restore systems adds an additional layer of security to prevent cyber-attacks. Administrators can swiftly respond to detected threats and implement necessary countermeasures to maintain system health. Data Protector detects not only ransomware but also other potential attacks that could be initiated by employees or other malicious actors.

 

Security features of OpenText Data Protector

  • Centralized command and control
  • No Data Protector tool/agent or command is executed without the backup server’s permission.
  • Integrity protected encapsulated transportable format for backup data.
  • Secure client communication via TLS.
  • Configurable Data encryption for in-flight transport.
  • AES/TLS data encryption per client .
  • Network Port Consolidation - only one major port for DP operations.
  • Two-factor authentication eliminates 99.9% of attacks that already gained access to the backup and restore software via phising attacks . Integration of local users and LDAP directories.
  • Skip on restore, skip parts you identified as infected to avoid reinfection on restore.
  • Catalog data on media, avoid scenarios where backup catalog data on primary media has been deleted by bad actors and restores are impossible.
  • Robust disaster recovery procedures for central backup server components.
  • High-availability (HA) features for central backup server on both Windows and Linux.

Regional data protection regulations

Australia

The Australian Government has pledged to emerge as a global pioneer in cyber security by the year 2030, a vision articulated in the Australian Cyber Security Strategy for 2023-2030. Enhanced cyber defenses will empower people and enterprises to thrive and bounce back rapidly in the aftermath of a cyber intrusion. Furthermore, the Australian Government is dedicated to ushering in a novel phase of collaboration between the public and private sectors. This endeavor is geared towards bolstering Australia's cyber security and resilience.

https://www.homeaffairs.gov.au/help-and-support/how-to-engage-us/consultations/cyber-security-legislative-reforms

Canada

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) doesn't explicitly mention data backup. However, it does outline principles related to the safeguarding of personal information, which can be interpreted to include data backup and recovery measures. Under PIPEDA, organizations are required to protect personal information with security safeguards appropriate to the sensitivity of the information. This includes protecting against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Organizations are also required to protect personal information regardless of the format in which it is held.

While PIPEDA doesn't specifically mention data backup, these safeguards can be interpreted to include backup and recovery measures. Regular data backups can help protect against loss of data, and encryption of backup data can protect against unauthorized access.

The Personal Information Protection and Electronic Documents Act . https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/ .

 

EU

The EU has decided on the NIS2 ruling (2023) which all member states need to turn into local law by late 2024. This legislation forces organizations to fulfil the following requirements:

  • Early detection of attacks
  • Fast reaction
  • Complete restore.

The only way to fulfil these requirements is to use a robust backup and restore technology like OpenText is offering with Data Protector.

Read more about DORA and NIS2 and data backup and recovery regulations.

GDPR indirectly requires backup and restore. Reliable backup and restore are essential to meet Art 5 and Art 32 requirements.

 

NIS2 https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

GDPR https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

 

USA

As mentioned before, in the US cyber security is supported by providing guidelines on how to secure systems against cyber-attacks. There are several legislations for federal authorities and for vertical markets. Currently there is no overarching cyber-security legislation or data protection legislation. The extreme payouts following lawsuits make it more than necessary to have a very effective ransomware protection through backup and restore in place.

Federal US sites providing data protection guidelines:

https://www.cisa.gov/sites/default/files/publications/data_backup_options.pdf

NIST Releases Tips and Tactics for Dealing With Ransomware | NIST

International

Organizations operating internationally might be required to prove they adhere to ISO 27001.

Adhering to ISO 27001(2022) requires backup and restore in place.

Here is a summary of ISO 27001:

  • ISO/IEC 27001 is an international standard for information security management systems (ISMS) that specifies the requirements for establishing, implementing, maintaining and improving an ISMS in any type of organization.
  • ISMS is a systematic approach to managing the security of information assets, such as data, systems, networks and devices, by applying appropriate policies, procedures, controls and measures to protect them from various threats and risks.
  • Benefits of conforming to ISO/IEC 27001 include enhancing the resilience to cyberattacks, ensuring the confidentiality, integrity and availability of information, complying with legal and regulatory obligations, and gaining a competitive advantage in the market.
  • Certification to ISO/IEC 27001 is a voluntary process that demonstrates the compliance of an organization's ISMS with the standard's requirements. It involves an independent audit by an accredited certification body that verifies the effectiveness of the ISMS and issues a certificate of conformity.

 

https://en.wikipedia.org/wiki/ISO/IEC_27001

https://www.iso.org/standard/75652.html

 

Summary

 Data backup and restore is crucial for fulfilling cybersecurity legislation for several reasons:


1. Data Security and Compliance: Backup and disaster recovery play a significant role in ensuring data security and meeting regulatory requirements. By storing multiple copies of data in secure data centers, businesses can demonstrate their commitment to data protection.
2. Mitigate Risks: A data backup and recovery plan can help businesses mitigate the risks associated with data loss and downtime. Regularly backing up data and testing backups to ensure they can be successfully restored is a key part of this strategy.
3. Recovery from Cyber Incidents: Regular testing of backups can give organizations confidence that they can recover from a cyber incident. This is particularly important in the case of ransomware attacks, where data may be encrypted and rendered inaccessible.
4. Protection Against Data Loss: Backups reduce the risk of data loss due to human error, hard drive failures, and malware infections. They also allow for quick restoration of data, minimizing downtime and potential revenue loss.
5. Cost-Effective: Integrating backup and recovery into cybersecurity strategies can eliminate the need for additional licenses and costs associated with separate ransomware detection software.
In summary, data backup and restore is a critical component of a robust cybersecurity strategy, helping to ensure data integrity, meet compliance requirements, and provide a means of recovery in the event of a cyber incident.

 

Request a free trial of OpenText Data Protector 

Learn more about Cloud data backup and restore 

Labels:

Data Protection