Protecting data from any eventuality

People with dubious intentions are increasingly looking to access corporate data, which must be protected from any eventuality if a business is to remain in good health. Companies therefore make regular backups, so that they can restore data after an incident.
But what happens if the backups themselves are compromised or cannot be recovered? With this in mind, DEEP has introduced a new solution: CyberVault.

This follows an attack on a Luxembourg organisation where there was a risk that DEEP's cybersecurity teams might not be able to restore the backed-up data. In this specific example, the incident was triggered by someone inside the organisation who could potentially have thwarted the recovery of backed-up data. Companies often ignore the internal risk, worried more about falling victim to an outside attack.

But without the ability to recover its data and IT systems, there’s always the possibility that the organisation could cease to exist.

Making sure that data can be restored

Taking into account this risk of sabotage and possibility that backups may also be compromised by hackers, DEEP’s cybersecurity teams considered their response. They needed to guarantee the integrity of back-ups and the ability to restore data from them in whatever scenario may arise. So they came up with a new service.

The threat is ever-changing and can take various forms. Shoring up the company’s defences must therefore consider these needs, especially as regulations (DORA, NIS2, etc.) are becoming stricter. To address these challenges, DEEP explored the technological possibilities available and tried to take an approach that covers any eventuality.

An innovative approach

With the Cyber Vault service, DEEP becomes a trusted third party, i.e. an independent body ensuring that entities can restore their systems whenever internal protective measures prove insufficient.

The service is based on a few key principles.

1.    Isolating and recovering the backed-up data

The system recovers the data according to a very specific procedure. Rather than having an employee make the backup, the solution itself opens a link to the customer’s workspace and recovers the data before disconnecting. In other words, the data is held in a separate place. In the event of an attack, the customer is assured that its backups cannot be compromised.

2.    Making data read-only

The solution ensures that nobody can alter backed-up data, which cannot be edited or deleted.

3.    Analysing new backups

The solution will then analyse the content to identify any errors as well as any viruses or threats. This analysis, which uses machine learning technology, considers more than 250 criteria. As well as detecting any malware, Cyber Data Vault will compare the most recent backup with the previous one to highlight suspicious activity. The key is to ensure that the backup is clean and the organisation can restore its systems safely whenever necessary. This analysis takes place in close partnership with DEEP’s Security Operations Centre (SOC) to classify and respond to any alerts.

Last sanctuary

As an essential service provider, DEEP took this approach in-house, investing in procedures that guarantee the highest level of security. The group then decided to offer the solution to other parties with a view to pooling resources and making participants in the Luxembourg economy even more resilient.

Cyber Vault should therefore be viewed as a last sanctuary – a maximum security area in which the most valuable digital assets can be kept safe. Above all, this means backing up the minimum viable product, i.e. the digital assets needed for business to resume after a crisis.

The importance of a trusted third party

The trusted third party concept is vital. Not only is the backup separate and disconnected from the organisation’s own systems, but data can only be recovered with the permission of both a company manager and a representative of the trusted third party. This shields the data from any attempt to compromise or sabotage it when the backups are needed. Cyber Vault really is a solution of last resort. Entirely developed and hosted in Luxembourg, this service is not limited to large firms and institutions, but can prepare any small or medium-sized enterprise for a cyberattack.
 

Thanks to Mohamed Ourdane, Head of CyberForce Department at DEEP for the interview!