Are Businesses Adopting A ‘Titanic Mindset’ To Data Recovery?
It was a year ago when the Rhysida ransomware gang made the headlines when it attacked the British Library’s systems, resulting in major disruption and the theft of service users’ data, which was leaked when the British Library refused to co-operate.
Since then, we’ve all witnessed the chaos that erupted from the more recent global outage that made headlines and affected systems across the world. While not a traditional data attack, it’s been estimated to cost businesses up to $1.5 billion and is proof that no organisation can afford to be complacent regarding downtime.
Lessons, of course, have been learnt. The British Library, in fact, opted for full transparency in the aftermath, publishing details of the intrusion and its response. Meanwhile, CrowdStrike apologised for the faulty software update that led to system crashes at banks, airlines, healthcare, media companies, hotel chains and more.
So, what have we learnt? An organisation’s ability to reliably recover systems and data is non-negotiable. There is absolutely no room for doubt – and if there is, any uncertainty needs to be identified and addressed before disaster strikes.
Absolute confidence in data recovery
It’s concerning that in recent study we undertook among senior IT professionals in the UK, 78% of respondents admitted they had suffered data loss due to system failure, human error or a cyberattack at least once in the past 12 months.
Yet only just over half (54%) said they are confident they could recover their data and mitigate downtime in a future disaster.
The fact that only just over half of respondents think their data is recoverable is a concern; this figure should be much nearer to 100%. Otherwise, how can your readiness for recoverability be reported confidently to the business and senior stakeholders? Confidence comes from identifying an organisation’s realistic needs, without compromising on cost or making sure you have the right tools for the job.
Meeting the testing ‘gold standard’
Confidence also comes from thoroughly and repeatedly testing systems and disaster recovery (DR) processes. So, it was surprising to see that of the UK IT professionals interviewed, one in five say they test just once a year or less, while 60% of respondents check their data is fully recoverable and usable once every six months. Just 5% say they test monthly (below).
We advocate for a ‘gold standard’ for DR testing – twice-yearly, non-invasive full failover tests supported by monthly system boot tests and data integrity checks. In addition to rigorous data validation, testing the ability of workloads (applications and data) for failover capabilities needs to be designed into the recovery plan. This should also allow for network and connectivity testing, a critical and often overlooked component in the testing process.
The challenge is that many technologies deployed today to recover systems and data do not allow for non-disruptive testing. While testing can be carried out, these tests can never be thorough enough without significant disruption and, as a result, deliver a compromised test.
Organisations need to put in place a well-structured recovery environment to optimise data recovery testing and ensure it can be conducted in the least disruptive way to the business. There are sophisticated solutions now that run testing without consuming vital resources or impacting the day-to-day production environment, which means business-as-usual.
Making data recovery part of business ‘fitness agenda’
When it comes to the core challenges in DR planning, our survey respondents were clear in what they are lacking from the business, with 39% pointing to a lack of skills or expertise in-house, 29% to a lack of investment or budget, and 28% to a lack of senior support.
A lack of top-down support can foster a culture of complacency, even apathy. If those responsible for protecting and recovering the business in the event of a data issue or cybersecurity attack do not feel that it’s being taken seriously enough, then their approach and attitude may well reflect this.
Aligned to a thorough testing regime is the confidence to report that systems are recoverable, and the business is in a state of readiness to respond. A secondary benefit is that it fosters a culture of professionalism regarding an aspect of IT that often sits in the shadows until it is needed.
To some extent, I think what we’re seeing from this study is a ‘Titanic mindset’ to data recovery, which is potentially putting data - and businesses - at risk. Organisations, it seems, think they are unsinkable - until they’re not.
Stephen Young is Executive Director at Assurestor
Image: SerrNovik
You Might Also Read:
Make Sure Your Disaster Recovery Plan Works When You Need It Most:
If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible