Reports have consistently indicated that supposedly tech-savvy firms have a long way to go in implementing effective system security measures that would let them recover more effectively from system intrusions—a process known simply as intrusion recovery. For example, a recent IBM Corporation study found that although 86% of companies surveyed said they used firewalls, 85% said they used anti-virus software, and 74% said they used authentication procedures, only 63% said they used encryption software—and fewer than 50% said they used intrusion detection and prevention systems. Taken together, these survey statistics suggest that there is considerable opportunity for serious data loss or data manipulation incidents to occur in companies today.
Computer system downtime equates to high revenue losses for companies. A 2002 survey of Fortune 1000 companies conducted by the Find/SVP consulting company indicated that downtime resulting from network intrusions lasted, on average, four hours, at an average cost of $330,000. Moreover, according to this survey, a “typical” company experienced, on average, nine downtimes per year. The losses incurred were almost $3 million per year—not including the losses associated with a total lack of employee productivity.
The initial step in preventing unauthorized access is the deployment of intrusion-prevention systems that actively and automatically limit access to systems. Attacks that the prevention systems cannot block would typically be detected by intrusion-detection systems, defined as applications that monitor operating system software and network traffic for real or probable security breaches. If these systems fail and an attack is successfully completed, other steps need to be in place—including having an appropriate disaster recovery plan.
By definition, a disaster recovery plan is a strategy outlining both the technical and organizational factors related to network security. Such a plan should start with a comprehensive assessment of the network to determine acceptable risk levels to the system. These results can then be utilized to produce a set of security policies and procedures for assisting employees and workgroups in case a network disruption or stoppage occurs. Moreover, decisions can also be made by system administrators as to which particular methods and systems will be required by the organization so that it can implement its security policies and procedures quickly and effectively—the primary goal of intrusion recovery.
Peddle, D. Identifying Vulnerabilities In Networked Systems. [Online, June 29, 2004.] CBL Data Recovery Website. http://www.cbltech.com/article-identify.html.