Cyber security is a topic you hear about all the time, and it’s easy to understand why. Just look at the numbers.
According to IBM, the average cost of a ransomware attack is $5.2 million, and 83% of ransomware victims pay their attackers. Then it takes an average of 23 days to recover data.
That’s why cyber security measures are so important; most organizations would implement whatever measures are needed to prevent their data and software from attack. The problem is, even the most robust security measures can be overcome by cyber criminals.
That’s why you’re hearing more and more about cyber resilience.
What is it? In simple terms, cyber resilience is an organization’s ability to continue operating despite some sort of attack. We discussed it in this blog post when IBM rolled out Cyber Vault for Flash Systems, which help improve resiliency.
Today we want to talk about the broader concept of cyber resilience apart from a specific product. Just the fact that bouncing back from a cyber attack takes an average of 23 days makes cyber resilience an important topic.
And it’s hardly a new concept; in fact, Forbes magazine published an article in October 2020 talking about the need for cyber resistance in addition to cyber security. As the article noted, cybersecurity strategy is designed to minimize the risk of attacks getting through. But when they inevitably do, the cyber resilience strategy is there to minimize the impact.
Forbes recommended examining your organization to determine where cyber events and incidents could have the most damaging effects on the business. Drawing up a list of where your operations are reliant on technology, as well as where sensitive and valuable data is stored and used, will help you to gain an overall understanding of how continuity of service could be affected.
With an understanding of how core functions could be affected, cyber resilience involves putting in place measures to mitigate the damage as best as possible in the event of an attack. For example, you might develop offline emergency processes to keep essential functions such as customer service, quality assurance, finance, and security running as well as possible until the breach can be fixed.
In addition, you’ll need a solid cyber incident response plan to clarify:
- What needs to be done in the event of a failure or breach
- Who is responsible for taking those steps
- How to communicate the incident to stakeholders (customer services will have a core role to play here)
- How failures should be reported to regulators (which may be a regulatory requirement in your jurisdiction)
- How to assess and report the impact of resilience measures
- How to get back to normal operations as quickly as possible
That last bullet point could be the most important factor in resiliency. If the average time to recover is 23 days, just imagine what that amount of time could mean in terms of lost production.
To recover as quickly as possible, your system needs restore points that can be scanned and verified from the perspective that they are devoid of any kind of malware or ransomware fingerprints, as defined by the scanning tools themselves. You also need to create immutable snapshots of data that can’t be altered or deleted; the snapshots are key to recovering your data.
If all this work sounds daunting, contact us. The team at LRS IT Solutions can help you assess your organization’s resiliency capabilities and help you create a solid cyber incident response plan.
With resiliency in place, you could reduce your recovery time from 23 days to 23 hours or fewer.