Although it is unlikely to find two sources that share exactly the same statistics, a host of recent reports, both independent and those sponsored by security experts, place South Africa among the most targeted countries in the world by cybercriminals.
By Barry Kemp, head of division: cloud at Nymbis Cloud Solutions
This is a hair-raising thought for C-suites, who – in addition to the rapidly increasing instances of cybercrime – face a host of physical security challenges in the wake of high crime and social unrest. However, this doesn’t mean businesses are sitting ducks. On the contrary, there is a great deal that can be done to help prevent and mitigate the impact of a cyber-attack such as ransomware.
To be fair, it is rare to find a C-suite that isn’t acutely aware of the need to have a strong cybersecurity strategy, yet many are missing an important cog in the protection machine. A business can have the best antivirus, best firewall, and best software around, but if a hacker breaches the defences – and they do – the last line of defence for a business is having a secure data backup, somewhere off-site. Even though backup and recovery isn’t a traditional security topic, it is one of the most vital aspects of a data security strategy.
Forbes wrote recently that ransomware, usually initiated through phishing, is the number one threat to both the private and public sectors. Ransomware allows hackers to demand payments or the business faces being disabled, which often comes at a massive financial and reputational cost.
Again, it must be said plainly – IT departments and managers have the right intentions but the reality of running an IT landscape means backups are often deprioritised to make space for daily operational tasks. An executive who cannot access email or a user whose machine won’t print populate tasks that soak up manpower and focus.
This mindset needs to change as backups should be of the highest priority to an IT team. The IT department should be actively testing backups, running disaster recovery tests and generally ensuring that in a disaster the business can be bought back online in the least amount of time.
If an organisation does not have the capacity to deal with the backups correctly, they need to work with partners who are experts in the field – it puts expert eyes directly onto the challenge and saves costs because instead of having one expert, a business has access to a partner’s team of experts who all support the backup strategy.
A good backup strategy should always make use of the 3-2-1 best practice rule. The basic premise is to have three copies of data on at least two different media – production data (Copy 1 – Media 1), a backup locally (Copy 2, Media 2) and an offsite backup (Copy 3, Media 3). Taking this a step further the offsite copy should be air-gapped, immutable or stored offline. This is what protects against ransomware.
Disaster recovery is key
Most businesses understand business continuity. If there is an event or catastrophe that prevents the business from being able to operate as normal there needs to be processes and procedures in place to get things up and running again as quickly as possible however what many businesses get wrong is to make IT responsible for the overall business continuity process.
That process revolves around the full business not just the IT department. Do I need temporary office space for my staff to work from, where do I store my stock or do I need to temporarily outsource some of my production processes, these are some of the general business questions around business continuity which do not involve IT. From an IT perspective, the requirement to get a business’s IT infrastructure running as quickly as possible is vitally important for a business to survive a disaster.
Having a disaster recovery plan and not testing it is a disaster in itself. Many businesses may run disaster recovery testing outside business hours but does this really test the disaster recovery process in a meaningful way? We, for example, have run disaster recovery tests with customers in a live environment, during live working hours.
This is the ultimate test of a disaster recovery plan and will provide the business, as a whole, with the confidence that in the event of a disaster, the business will be able to operate from an IT perspective. This also allows an IT team to resolve any potential issues and to understand how long a recovery will take.
Backup, disaster recovery or replication: what are the options?
There are different routes a business can take. It can run a backup which is the absolute minimum. The data recovery will take time, however not all businesses have the luxury of being down for long, and so they need to architect their solution to build in redundancies.
This redundancy involves replicating data between two locations or data centres and switching between the two when required. This switch needs to be configured and tested, there will still be a time gap, albeit much shorter than a traditional backup restore.
However, there are many businesses that cannot afford one or two-minute downtime, and in these instances, there needs to be active replication in your application. This is where numerous sets of data are actively synced across two or more different locations, all of the time. It is naturally more costly but reduces the recovery time objective (RTO) to zero effectively.
Just to be clear using both these forms of disaster recovery does not negate the need for a robust backup system to allow a business to recover data from the past if the need arises.
The decision on which strategy to follow comes down to a cost versus benefit calculation with the customer. How much downtime can they afford against the cost of the backup or disaster recovery solution?
Microsoft 365 – backups are your responsibility
If your organisation runs Microsoft 365 then you need to back it up. The assumption is that Microsoft backs up Microsoft 365 data but their responsibility is to keep the platform up and running not to be able to restore an email that was deleted a year ago but is now required for a court case. This is especially important for businesses operating in industries such as financial services where they are obliged to hold data for five or 10 years.
One important component of a Microsoft 365 backup strategy that has emerged in the past few years is Microsoft Teams. Fuelled by the Covid pandemic Teams is now being used by more than 280-million users worldwide and those users are storing company data, chats, meeting recordings and many other pieces of data in Teams. This data needs to be protected just as much as email and files in OneDrive or SharePoint.
Businesses would do well to consider working with expert partners who bring a broad range of skills and best practice to the partnership. Backup and disaster recovery are crucial cogs in the cyber security machine and must get the requisite planning and attention they deserve. The ever-growing scourge of cybercrime demands it.