Anything that can go wrong...
Recent news concerning the infamous prison break of three detainees from Kenya's most secure prison facility reminds me of Murphy's divine law - Anything that can go wrong will go wrong. Who would have imagined that on the wee hours of a normal day, a group of determined fugitives would make a run for their freedom? Never mind the fact that they were later apprehended thousands of kilometers away from ground zero.
Relating to ICT, attackers will always probe any points of weaknesses in systems and infrastructure. Any kind of hardening implemented over a period of time, and with the best personnel and resources may take a second to break as long as a point of weakness - often in form of the human element - unexpectedly presents a low-hanging fruit for attackers. Security fatigue may, for example, inhibit employees from updating their passwords preferring instead, to recycling passwords, hence introducing predictable and weak implementation of security features in systems, software, and infrastructure. It is during such instances that attackers may perform phishing campaigns or even the simplest of attacks that ultimately lead to security breaches.
If anything, these events remind businesses and organizations, more so those of big stature, that no one is immune from any kinds of breaches. However well equipped an organization is, cyber breaches are bound to occur at a certain point in time, more so when least expected. This calls for adequate preparedness so that in the event an unforeseen event occurs, an organization remains resilient enough to weather the storm. This resilience can be measured by the ability to conduct disaster recovery in the shortest time possible, and with minimal losses to ensure business continuity.
Looking back, it took four days for the fugitives to be apprehended. By juxtaposition, a cybersecurity breach requiring a 4-day recovery period may spell doom for organizations. Within this time, millions of revenue will have been lost alongside reputation damage and an even higher cost of recovery. Disgruntled customers may decide to jump ship. Shareholders may decide to close shop and pass a vote of no confidence to the board of directors. As if not enough, third-party vendors and partners may choose to file legal suits depending on points of concerns such as data loss and exposure. All these emergent issues in the aftermath of a breach signal the need for fast recovery times to mitigate some, if not all of the probable repercussions.
But then, what is the quickest path to recovery?
For organizations reliant on technology for day to day operations, backup sites present the fastest and most reliable means to disaster recovery. Organizations should have either of the following three tiers of offsite backup sites depending on sensitivity of operations and acceptable losses.
Whether big or small, businesses must use their risk appetite to determine the best way to achieve disaster recovery. A robust disaster recovery plan will lead to business continuity should any unforeseen events occur, including cybersecurity breaches and physical phenomena. The most important thing is to remain prepared to implement any of the available recovery options within the shortest time possible.
"It's not how far you fall, but how high you bounce that counts." - Zig Ziglar
Want more of cybersecurity articles? Visit cybasil.com