Cyber resiliency is the key to business continuity
Cyberattacks are a continual threat to business continuity. It’s not only about the sheer volume of intrusions but also the increasing level of sophistication cybercriminals display. Breaches are penetrating deeper into the stack, from hardware and software layers to application, network and even chip-level infrastructure. The consequences of these cyberattacks are becoming more serious.
The average total cost of a data breach, according to Ponemon’s 2017 Cost of Data Breach study, is $3.62 million. Often, these costs include not just financial loss but reputation damage and regulatory action. Early detection and recovery from a data breach can substantially reduce its impact. That’s why when it comes to recovering from a breach, or any outage for that matter, every second counts.
The cyber resiliency mindset
While there is a need to prevent all means of unauthorized entry, this approach is no longer enough. Despite the best protection, there’s a more than 1 in 4 chance that a given company will incur a data breach, according to the Ponemon report.
Many organizations are starting to rethink their cyber strategy and are adopting an integrated, holistic approach that includes not only prevention but also rapid recovery once a breach occurs. While these cyber incidents may be impossible to prevent entirely, how an enterprise reacts to them can mean the difference between a nuisance and an outright catastrophe.
Cyber resiliency is the new mindset, combining both information security and business continuity. By taking a life cycle approach to cyber resiliency, organizations can prepare, protect, detect, respond and rapidly recover from cyberattacks. The overall goal is to minimize downtime and loss and to take a more business-focused, customer-oriented mindset. This type of model helps build a high level of trust between the enterprise and its customers, leading to stronger brand loyalty and increasing faith in the organization as a safe and reliable steward of critical data.
In a typical cyberattack, continuous network exposure results in corruption spreading to disaster recovery sites, rendering them unusable. Recovery from traditional tape and disk backups is time-consuming, especially when we look at the large enterprise landscape. This problem is compounded by some of the newest ransomware viruses, which target disaster recovery and backup copies directly. Some of the new attacks blow up into full-scale disruption within hours, allowing little time to respond and recover.
To respond to these challenges and manage rapid recovery from a cyber disruption, organizations should orchestrate platform configuration and data recovery. There should be a mechanism for real-time testing and validation of configuration changes to protect data, device, virtual machine and bare-metal systems configuration. Companies should rely on user-validated data to make a golden copy for restoring data in case of a breach. For data recovery, copy data management and cloud object storage enable efficient, fast recovery.
At the same time, a “write once, read many” (WORM) architecture helps maintain the integrity of the immutable storage environment. An air gap mechanism should provide protection from network exposure. The entire recovery process should be well-orchestrated, with real-time reporting and response capabilities that enable the enterprise to meet its rapid recovery needs after outages and keep pace with an always-on world.
Organizations should regularly test the effectiveness of their cyber recovery capabilities. Extensive visibility and reporting of cyber incident recovery testing processes will help ensure compliance and readiness. These are essential for enabling a cyber-resilient enterprise.