Due to increased attention on cybersecurity events in the news recently, Bluelock commissioned IDG Research to survey executive leadership and IT managers across six major industries. In this survey, 64% of respondents cited lost customer confidence as their primary concern in the event of a security breach. And yet, responses about current IT security practices suggest that companies may be ignoring reputational risks by focusing too heavily on prevention.
To be clear, there is nothing wrong with preventative measures to ensure no intruder breaches your company’s IT systems. In fact, you should definitely be educating your employees on how to identify phishing emails; practicing policies of “least privilege”; patching weaknesses; shoring up firewalls; and doing other precautionary planning to stop potential cyber attacks. Here’s the issue: Bluelock’s survey suggests an imbalance, with heavy attention on proactive tasks and diminished attention on restorative measures.
Why is this a problem? In short, no security solution is 100% effective, no matter the IT investments and resources. It just takes a single click from a well-meaning employee to invite a malicious actor or malware infection. For this reason, it’s critical to have a Plan B – a comprehensive recovery plan to execute after a breach has been identified.
Preventative measures, when paired with a robust IT disaster recovery (IT-DR) strategy for fast reaction to any incident, deliver full protection for your business assets. Tape backups aren’t fast enough anymore, since retrieving them could take days, and companies no longer have that luxury. Now, mitigating the fallout from a breach demands something more than legacy practices and buying better insurance. Because data loss can cripple a business’s ability to recover from downtime and move forward, it’s critical to have a response plan that addresses the question of recovery speed. With 44% of executive leadership claiming that “inability to recover data and systems in less than a day” is their top concern in an event (following reputational impact), fast recovery is essential to company livelihood.
Take ransomware, for example, which 51% of respondents claimed was the biggest security threat to their organizations. With an IT-DR plan that uses both real-time replication in the cloud and offsite backups for longer-term archival, your company will have options should this type of event strike your business. Simply locate the newest clean copy of your backed-up data and reload your infected systems for continued operation. The goal of this approach is to avoid paying the attacker and have options when your company is faced with a crisis.
By giving restorative planning increased attention, balancing it with your preventative tasks, you can better identify areas where incident response could be hindered. This is why shoring up IT-DR practices is critical – something that an overwhelming 97% of respondents claimed was important to incorporate into an overall cybersecurity strategy. In short, IT resiliency for your organization means taking a holistic approach for nimble mitigation.
Since modern business depends upon always being available to provide customers the service they expect, any form of downtime risks reputational damage. Furthermore, customers must be comfortable sharing their sensitive information to make purchases, utilize services, etc., and this could be a problem for ongoing business if a security incident impacts this confidence.
For this reason, preventative and reactive measures depend on each other: if one is missing or insufficient, the whole strategy runs the risk of being vulnerable. While proactive measures are key to securing your organization’s IT systems, a failure to establish a restorative strategy is not only a missed opportunity but a threat to continued operations after an event.
Read the full survey results here: “State of IT Security, 2017: Prevention & Recovery Practices”