Is Your Business Ready For The Inevitable Cyberattack?

Uploaded on 2024-08-07 in TECHNOLOGY--Resilience, FREE TO VIEW

Today, it's not a matter of if your business will be hacked, but when. The 2024 UK Government Cybersecurity Breaches Survey revealed a startling statistic: 50% of UK businesses suffered a cyberattack or security breach in the previous 12 months, up from 39% in 2022.

The average cost of a data breach in 2023 was $4.45 million. For small companies, the impact can be devastating, with an estimated 60 percent going out of business within six months of a cyberattack or data breach.

The Alarming State Of Cyber Resilience

The UK National Cybersecurity Centre (NCSC) has highlighted the significant and enduring cyber threats facing the UK in its latest annual review. The report points to the increasing frequency and sophistication of cyber threats, emphasising the need for enhanced cyber resilience across all sectors. This assessment aligns with the UK’s science secretary's recent warnings about the UK's urgent need to bolster its cyber defences.

Lessons From Recent Cyber Incidents

The vulnerability of the UK's cyber infrastructure is not theoretical. The Crowdstrike outage that took down millions of computers reveals how IT and security lapses can have far-reaching consequences.

The rise and rise of ransomware attacks also means that backup and recovery best practices are more important than ever. Service downtime, customer upsets, and corrupted data are just some of the common consequences that arise after a ransomware attack leaves a business offline.

Preparing For The Inevitable

Cybersecurity threats are inevitable, making it essential for businesses to prepare for the worst. The critical question is: if your business is hacked, is your data protected, and can you recover it in hours rather than days or weeks? If not, you are leaving your business vulnerable to severe disruptions.

While everyone emphasises the importance of backups, the real challenge lies in ensuring their integrity and recoverability. Are your backups clean? Can you quickly restore data without prolonged downtime? The total cost of ownership (TCO) of your data protection strategy over time is a crucial consideration. Traditional methods, such as relying on Iron Mountain for physical backups, are cumbersome and time-bound, requiring significant effort to locate and restore data.

Right Data, Right Place, Right Time

The story of data storage, much like the shift to cloud computing, revolves around strategically placing the right parts of your business operations in the most suitable locations at the right times. Data protection follows the same principle. Resilience is still a topic of frequent discussion, yet its broad nature makes it challenging to establish a clear set of best practices. As headlines frequently highlight new victims of cyberattacks, it raises the question: has data protection become more critical than traditional security measures in safeguarding a business' core assets?

Best practices for building robust data protection

1.    Adopt zero trust principles:  Implement zero trust principles to silo parts of your technology stack. This approach limits access to only those who need it and continually verifies each user and device. By segmenting your network and enforcing strict access controls, you can blunt the spread of infections and slow down the lateral movement of ransomware. This means that even if one part of your network is compromised, the rest remains secure, reducing the potential impact of an attack.

2. Use smart data backups:  Use data backups strategically to secure your business's critical workloads. Regularly back up your data and store copies in multiple locations, including off-site and in the cloud. Ensure that these backups are encrypted and protected by strong access controls. By having reliable backups, you can quickly restore data in the event of a cyberattack or other disaster, minimising downtime and loss.

3. Implement immutable data solutions:  Immutable data backups can be leveraged as a defence mechanism. Immutable data ensures that once a backup is created, it cannot be altered or deleted. This provides a safeguard against ransomware attacks and human error, ensuring that you always have a clean copy of your data to restore from. Implementing immutability can significantly enhance your data protection strategy and ensure rapid recovery during a crisis.

4. Conduct regular security tests:  Identify critical data, duplicate it, and store it securely. If you have seen this routine backup equation before, you might be missing one of the most important steps. Testing your backups, and ensuring copies are ‘clean’ and recoverable, makes the difference between a rapid recovery and one that’s halted by infected data. Businesses should conduct regular drills and simulations. This helps identify weaknesses and ensures that your team is prepared to respond effectively to real-world threats. Drills should cover various scenarios, including ransomware attacks, data breaches, and other common cyber incidents.

5. Prepare for advanced threats:  As cybercriminals increasingly target backup systems, it is essential to secure these systems with the same rigor as your primary data. Strengthen traditional backup and recovery systems against targeted attacks by using advanced malware protection and regular security audits to identify and mitigate vulnerabilities in your backup infrastructure. This proactive approach helps protect your safety net from being breached by attackers.

6. Increase your cyber hygiene:  Focus on policies that promote good cyber hygiene and clean data practices. Educate employees about the importance of cybersecurity and best practices for protecting data. Regular training sessions can help reinforce the need for strong passwords, phishing awareness, and secure handling of sensitive information. A culture of cybersecurity awareness is essential for maintaining robust data protection.

7. Plan for business continuity:  Integrate data protection into your business continuity and disaster recovery plans to outline how your business will maintain operations during and after a cyberattack. These plans should include detailed procedures for data recovery, communication strategies, and roles and responsibilities. Again, regularly update and test your plans to ensure they remain effective and relevant.

8. Integrate data protection with emerging technologies:  Data protection has become the backbone of other technologies, such as public cloud, storage, and AI. As businesses increasingly rely on these technologies, robust data protection becomes even more critical. Ensuring that data protection measures are integrated with these technologies will enhance resilience and minimise downtime.

Invest In Data Protection To Save The Cost Of A Data Breach

Investment in robust data protection measures is minimal compared to the potential cost of data loss. The average cost of a data breach is significant, but the long-term impact on a business' reputation and customer trust can be even more damaging.

Investing in data protection not only safeguards against financial loss but also enhances business continuity and resilience.

Ishwar Fernandes is Head of Technical Architects at CSI Ltd

Image: Unsplash

You Might Also Read: 

Is Your Business Ready To Embrace Artificial Intelligence?:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Cyber War, Intelligence, Malware & Espionage [extract]
Four Security Risks Posed by AI Coding Assistants »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

101 Blockchains

101 Blockchains

101 Blockchains is a professional and trusted provider of enterprise blockchain research and training.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

Polymer Solutions

Polymer Solutions

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Hassans International Law Firm

Hassans International Law Firm

Hassans is the largest law firm in Gibraltar, providing a full range of legal services across corporate and commercial law including Data Protection and GDPR compliance.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

Intellinexus

Intellinexus

Intellinexus turns data into actionable insights to revolutionise decision-making in your business.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.