Cyber resilience

A matter of smart business and avoiding disasters

The prevalence of cyberattacks and costs of adverse cyber events such as data breaches, ransomware attacks, and accidental outages of critical IT systems have increased over the past few years.

As organizations run more complex, hybrid IT infrastructures, as data is leveraged across and beyond the company, and as digital has moved to the core of the business with digital transformation becoming ubiquitous, the importance of secure environments is higher than ever before.

Traditional approaches to cybersecurity, backup, and disaster recovery are still essential to achieve availability, integrity, and continuity. Yet in most cases, depending on the organization, various protection mechanisms no longer suffice, for reasons we cover in this blog series on cyber resilience.

Cyber resilience in a nutshell

What is cyber resilience? And how is it different from cybersecurity? Each company knows the importance of cybersecurity and data protection. Everyone has invested in tools, processes, and strategies to prevent cyberattacks and mitigate the damage they do.

You might be ready for cyberattacks and data breaches, but are you also prepared to have your core IT systems, data, and digital business platforms function in case an attack affects you? And how resilient are you when ransomware has encrypted all your data, making them unavailable for the business? Are you even sure a restore will work and get you back on your feet?

Cyber resilience isn’t just about preventing and dealing with cyberattacks and routinely performing cybersecurity tasks. It’s first and foremost about an organization’s ability to continue to deliver mission-critical services in the face of cyber incidents. In other words: it’s about business, and that’s also the perspective a good cyber resilience strategy starts with. Cyber resilience encompasses various functions and includes elements of business continuity, risk management, and disaster recovery, on top of cybersecurity. And it requires regular testing, for instance, to make sure a restore won’t break your systems.

In these data-driven times, where data turned into actionable information is a business asset and a driver of value and innovation across all business functions, the increasing complexity of and reliance on the digital realm require a holistic resilience approach that goes beyond cybersecurity.

The costs and indirect impact of data breaches and cyber incidents

Customers and workers expect systems to be always on; breaches can lead to litigation and impact a brand’s reputation; and cybercrime has become big business, with ransomware as a perfect example of potential direct costs.

According to the 2019 Cost of a Data Breach Report by Ponemon Institute, sponsored by IBM Security, the average cost of a data breach reached $3.92 million, an increase of 12 percent over the past five years.

And it’s not just about large organizations. The report also found that the consequences of a data breach can be particularly acute for small and midsize businesses. Companies with fewer than 500 employees, typically earning $50 million or less in annual revenue, suffered losses of more than $2.5 million on average. Even if there are differences from a risk perspective, all industries nowadays are targets of cybercriminals. And so are all organizations, regardless of their size.

No wonder that in 2018 the World Economic Forum ranked cyberattacks third as most likely to occur and sixth in terms of likely impact in its Global Risks Perception Survey.

Strengthening your cyber resilience means strengthening your capability to maintain mission-critical operations, rapidly recover your IT in the event of a cyberattack, and minimize business impact. As a consequence, it requires a real understanding of the business, where and how data is leveraged, the different processes in the organization, and the applications, production environments and development environments.

Looking at backup and disaster recovery from such a holistic business – continuity – perspective inevitably has an impact on the way it’s organized, planned, tested, and prioritized in terms of business decisions that might need to be taken once disaster hits.

No digital transformation without cyber resilience

It’s clear that for organizations that are well advanced on a digital transformation journey and use digital technologies intensively across their business ecosystem, preparing a cyber resilience strategy takes time. Moreover, many stakeholders need to be involved, given that with cyber resilience we’re taking a risk-based approach.

Yet, even if your company relies less on IT for core business processes or doesn’t have a complex hybrid IT environment, it’s worth looking at cyber resilience, for instance, for regulatory reasons.

Organizations are also accelerating their digital transformation in several areas. We’ve seen the impact of COVID-19 on our usage of digital platforms, and it seems inevitable that phenomena such as remote work, to name one, will be more broadly adopted, again adding to the risks.

Last but not least, as mentioned, all organizations are a target, and even if they aren’t a direct target, they can become a victim of an attack.

Did you know that in the time it took you to read this, there have been several ransomware attacks across the globe, since one takes place every 14 seconds? Researchers predict that by 2021 a company will be confronted with ransomware every 11 seconds.

Although there was a slowdown in the number of ransomware attacks, as Bart Donné, COO Hybrid Technology Solutions at IRIS Professional Solutions, explains in an interview on ransomware and Disaster Recovery as a Service, the numbers went up again.

IRIS Professional Solutions and cyber resilience

With Disaster Recovery as a Service (DRaaS), we’ve arrived at some of the solutions IRIS Professional Solutions offers in the context of cyber resilience.

In the next blog, we’ll look at the stages – and more solutions – to develop a cyber resilience strategy based upon the cyber resilience lifecycle approach of our partner IBM.

In the meantime, feel free to get in touch as IRIS Professional Solutions can help you in developing such a strategy and even in taking care of core cyber resilience services in the form of managed services.

On top of the mentioned DRaaS offering, here are some additional ways we can help:

  • Our information management specialists are experts in helping you know where all data – sensitive and less sensitive – sit and in becoming compliant with the most stringent regulations;
  • We offer a Total storage & Backup-as-a-Service (BaaS) solution that can serve as the perfect stepping stone for enhancing your disaster recovery strategy;
  • As a Platinum IBM Business Partner, we can provide you with a first-class service for all your virtualization, storage, compute & cloud projects and implementations, and
  • If you are looking for optimal security, you can replicate your data to our data centers and counter worst-case scenarios with remote backup and disaster recovery.