We have been hearing a lot about the rise in cyber attacks. ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data, reports a continuing escalation in both the size and frequency of attacks this year. The World Economic Forum has listed cyber crimes as a “top global risk” and warns that “industrial-scale attacks are on the rise.” Although all companies are at risk, small to medium-sized businesses have become a primary target.
Although cyber attacks are on the rise, the defense systems most organizations have in place are inadequate. Security systems and corporate processes that may have worked five years ago are no longer enough to protect against today’s cyber criminals, who have become far more sophisticated.
Beyond cyber attacks, data loss and extensive downtime can come from many other sources, including hardware failures, various natural disasters or seemingly simple power outages. No region or size of company is exempt. According to the Federal Emergency Management Agency (FEMA), “more than 40% of businesses never reopen after a disaster, and for those that do, only 29% were still operating after two years”. For an SME with fewer resources, any extended system downtime, due to any cause, can lead to network failure and data loss, reduced cash flow, lost orders, increased staffing costs, damaged inventory, and a greater possibility of company failure in the short term.
An important question to consider: where would your organization be if the power went off for 24 hours? Five days? What if the power went out for ten days? Many organizations try to minimize damage by shifting financial responsibility to an insurance company, but that will not solve the biggest problems an organization faces after a disaster: data loss, lost revenue and lost customer loyalty.
The first goal of Disaster Recovery planning is to ensure the survival of your data, and that means a backup strategy. To protect against a wide-ranging outage or major disaster, however, you must replicate your data and store it offsite, far enough away that it is not endangered by the same disaster event. For example, in 2012, Hurricane Sandy spanned more than 1,100 miles. The second goal is to stay up and running, or at least to recover quickly, and that requires a robust infrastructure and a solid recovery process.
The goals are clear, so why aren’t companies more prepared? The lack of preparedness is partially a matter of understanding the options for mitigating damage. With the complexity and interoperability of today’s networks and services, it is hard for any organization to keep up with the latest innovations and constant technological advancements. Many companies turn to outside experts to help them put in place an appropriate and effective disaster recovery plan.
In addition to Disaster Recovery (DR) planning, every company benefits if an umbrella plan for Business Continuity (BC) is in place. While Disaster Recovery processes are put in place to save data with the ability to recover it in the event of a disaster, Business Continuity planning is a business-centric process and refers to the management oversight – the policies and procedures that keep your data safe and accessible but also help keep your business running during (or very shortly after) a failure or disaster.
Traditionally, Business Continuity and Disaster Recovery planning have been separate initiatives, split between the corporate business and the IT department. These days, when every business is fully dependent on technology, these plans must work together to achieve true Business Continuity. As with all technology today, network infrastructure and systems interoperability have become extremely complex as more and more variables have to be taken into consideration. Solutions often exist beyond the scope of IT departments already stretched to their limits managing daily challenges. Many organizations are looking to experienced third parties to identify Disaster Recovery options and help them define Business Continuity solutions that work for their unique environment.
A typical approach may include:
- Determination of the level of current IT recovery capacity and technical capability gaps
- A determination of Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
- Financial implications and business case justification
- Actions for remediation
- Mitigation strategy, exposure reduction, and a roadmap plan of action
Keeping up with new security technologies and with mitigation and recovery methods is a challenge for corporate IT departments. The vulnerabilities keep changing and, therefore, so do the solutions. It takes time and experience to defend your company against security risks, create a cyber security policy, train employees, and implement it company-wide, but the result is the peace of mind of knowing your company is thoroughly prepared for the worst-case scenario.
Need more information? I know all the right people. Contact me.