In an era where cyber threats are constantly evolving and are happening faster and more frequently than ever, organisations must prioritise cyber readiness in the form of cyber resilience.

By Graham Brown, country manager for Commvault SA/SADC

Cyber resilience goes beyond having security measures in place to prevent an attack – it encompasses the strategies and practices that enable an organisation to recover from cyber incidents swiftly and effectively. This is crucial not only for minimising downtime and disruption but also for protecting sensitive data, maintaining customer trust, and ensuring compliance with regulatory requirements.

As the threat landscape becomes increasingly sophisticated, organisations that invest in robust cyber recovery frameworks and tools can better navigate challenges, safeguard their assets, and ensure continuity of business operations. Adopting a proactive approach helps them handle the complexities of today’s cyber landscape and fortify their defences against future incidents.

The current state of cyber readiness

The current landscape of cyber readiness reveals a substantial gap between organisations’ preparedness levels and the adaptive tactics employed by cyber attackers. Despite significant investments in people, processes, and technologies, many organisations struggle with the ever-evolving threat landscape.

A recent survey conducted by Commvault and GigaOm found that 83% of the respondents had experienced a material security breach in the past year, underscoring the urgency for enhanced cyber readiness.

One alarming trend is that attackers often linger within networks for over 200 days, allowing them to identify critical assets and escalate the damage during attacks. As organisations expand their attack surfaces to include various infrastructures, from data centres to cloud applications, they face increasing vulnerability.

Many companies cite the complexity of maintaining resilience and the associated costs as key barriers to enhancing their cyber readiness. The key is to leverage best practices and available resources, which can help organisations improve their recovery frameworks and strengthen their defences against future threats.

Threats and how to respond to them

To effectively prepare for recovery, organisations must establish clear plans for operational, disaster, and cyber recovery. Operational recovery aims to minimise downtime from routine failures, while disaster recovery addresses large-scale events like natural disasters. Cyber recovery, however, requires a more nuanced approach due to the unpredictable nature of cyberattacks.

Organisations that proactively implement recovery markers, such as off-site backups, immutable data copies, and clearly defined incident response processes, experience significant improvements in recovery times.

Furthermore, early warning systems and intrusion detection technologies are essential in pre-emptively identifying threats and enhancing resilience. Clean recovery environments insulated from potential attackers allow for more efficient restoration post-incident. A culture of preparedness and collaboration is vital – developing clear roles, responsibilities, and protocols for recovery will streamline responses to cyber incidents and expedite overall recovery efforts.

Ways to improve detection and resilience

Effective preparation for cyber incidents hinges on planning, practice, and testing. Collaboration among internal teams, including IT security, risk management and compliance, is essential for developing comprehensive cyber recovery plans.

Regular practice sessions can help organisations identify friction points in their defences and enhance their response capabilities. With attackers often remaining in networks for extended periods, organisations must focus on improving their detection mechanisms and incident response strategies.

Robust backup protocols, such as the 3-2-1 rule, are crucial to ensuring data integrity: three copies of data stored on two different media, with one immutable copy. Regular testing of plans is necessary to verify effectiveness and ensure practised, coordinated responses during incidents. Validation of these tests should occur in environments that closely replicate production settings, facilitating comprehensive recovery practices.

Ultimately, the goal of a robust cyber recovery strategy is to minimise downtime and chaos in the wake of an attack. By fostering a culture of preparedness through regular testing and engagement, organisations can significantly reduce recovery times and ensure they restore critical applications and data effectively. A balanced approach incorporating people, processes, and technology is fundamental to building a resilient framework capable of swiftly defending against and recovering from cyber incidents.