Is Your Business Ready For The Inevitable Cyberattack?

Uploaded on 2024-08-07 in TECHNOLOGY--Resilience, FREE TO VIEW

Today, it's not a matter of if your business will be hacked, but when. The 2024 UK Government Cybersecurity Breaches Survey revealed a startling statistic: 50% of UK businesses suffered a cyberattack or security breach in the previous 12 months, up from 39% in 2022.

The average cost of a data breach in 2023 was $4.45 million. For small companies, the impact can be devastating, with an estimated 60 percent going out of business within six months of a cyberattack or data breach.

The Alarming State Of Cyber Resilience

The UK National Cybersecurity Centre (NCSC) has highlighted the significant and enduring cyber threats facing the UK in its latest annual review. The report points to the increasing frequency and sophistication of cyber threats, emphasising the need for enhanced cyber resilience across all sectors. This assessment aligns with the UK’s science secretary's recent warnings about the UK's urgent need to bolster its cyber defences.

Lessons From Recent Cyber Incidents

The vulnerability of the UK's cyber infrastructure is not theoretical. The Crowdstrike outage that took down millions of computers reveals how IT and security lapses can have far-reaching consequences.

The rise and rise of ransomware attacks also means that backup and recovery best practices are more important than ever. Service downtime, customer upsets, and corrupted data are just some of the common consequences that arise after a ransomware attack leaves a business offline.

Preparing For The Inevitable

Cybersecurity threats are inevitable, making it essential for businesses to prepare for the worst. The critical question is: if your business is hacked, is your data protected, and can you recover it in hours rather than days or weeks? If not, you are leaving your business vulnerable to severe disruptions.

While everyone emphasises the importance of backups, the real challenge lies in ensuring their integrity and recoverability. Are your backups clean? Can you quickly restore data without prolonged downtime? The total cost of ownership (TCO) of your data protection strategy over time is a crucial consideration. Traditional methods, such as relying on Iron Mountain for physical backups, are cumbersome and time-bound, requiring significant effort to locate and restore data.

Right Data, Right Place, Right Time

The story of data storage, much like the shift to cloud computing, revolves around strategically placing the right parts of your business operations in the most suitable locations at the right times. Data protection follows the same principle. Resilience is still a topic of frequent discussion, yet its broad nature makes it challenging to establish a clear set of best practices. As headlines frequently highlight new victims of cyberattacks, it raises the question: has data protection become more critical than traditional security measures in safeguarding a business' core assets?

Best practices for building robust data protection

1.    Adopt zero trust principles:  Implement zero trust principles to silo parts of your technology stack. This approach limits access to only those who need it and continually verifies each user and device. By segmenting your network and enforcing strict access controls, you can blunt the spread of infections and slow down the lateral movement of ransomware. This means that even if one part of your network is compromised, the rest remains secure, reducing the potential impact of an attack.

2. Use smart data backups:  Use data backups strategically to secure your business's critical workloads. Regularly back up your data and store copies in multiple locations, including off-site and in the cloud. Ensure that these backups are encrypted and protected by strong access controls. By having reliable backups, you can quickly restore data in the event of a cyberattack or other disaster, minimising downtime and loss.

3. Implement immutable data solutions:  Immutable data backups can be leveraged as a defence mechanism. Immutable data ensures that once a backup is created, it cannot be altered or deleted. This provides a safeguard against ransomware attacks and human error, ensuring that you always have a clean copy of your data to restore from. Implementing immutability can significantly enhance your data protection strategy and ensure rapid recovery during a crisis.

4. Conduct regular security tests:  Identify critical data, duplicate it, and store it securely. If you have seen this routine backup equation before, you might be missing one of the most important steps. Testing your backups, and ensuring copies are ‘clean’ and recoverable, makes the difference between a rapid recovery and one that’s halted by infected data. Businesses should conduct regular drills and simulations. This helps identify weaknesses and ensures that your team is prepared to respond effectively to real-world threats. Drills should cover various scenarios, including ransomware attacks, data breaches, and other common cyber incidents.

5. Prepare for advanced threats:  As cybercriminals increasingly target backup systems, it is essential to secure these systems with the same rigor as your primary data. Strengthen traditional backup and recovery systems against targeted attacks by using advanced malware protection and regular security audits to identify and mitigate vulnerabilities in your backup infrastructure. This proactive approach helps protect your safety net from being breached by attackers.

6. Increase your cyber hygiene:  Focus on policies that promote good cyber hygiene and clean data practices. Educate employees about the importance of cybersecurity and best practices for protecting data. Regular training sessions can help reinforce the need for strong passwords, phishing awareness, and secure handling of sensitive information. A culture of cybersecurity awareness is essential for maintaining robust data protection.

7. Plan for business continuity:  Integrate data protection into your business continuity and disaster recovery plans to outline how your business will maintain operations during and after a cyberattack. These plans should include detailed procedures for data recovery, communication strategies, and roles and responsibilities. Again, regularly update and test your plans to ensure they remain effective and relevant.

8. Integrate data protection with emerging technologies:  Data protection has become the backbone of other technologies, such as public cloud, storage, and AI. As businesses increasingly rely on these technologies, robust data protection becomes even more critical. Ensuring that data protection measures are integrated with these technologies will enhance resilience and minimise downtime.

Invest In Data Protection To Save The Cost Of A Data Breach

Investment in robust data protection measures is minimal compared to the potential cost of data loss. The average cost of a data breach is significant, but the long-term impact on a business' reputation and customer trust can be even more damaging.

Investing in data protection not only safeguards against financial loss but also enhances business continuity and resilience.

Ishwar Fernandes is Head of Technical Architects at CSI Ltd

Image: Unsplash

You Might Also Read: 

Is Your Business Ready To Embrace Artificial Intelligence?:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Cyber War, Intelligence, Malware & Espionage [extract]
Four Security Risks Posed by AI Coding Assistants »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Menlo Security

Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

Fingerprint Cards

Fingerprint Cards

Fingerprint Cards develops and produces biometric components and technologies that verify a person’s identity through the analysis and matching of an individual’s unique fingerprint.

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet is a network of companies who collaborate to address skills needs within the technology sector.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

IQ4 - Cybersecurity Workforce Alliance (CWA)

IQ4 - Cybersecurity Workforce Alliance (CWA)

Cybersecurity Workforce Alliance, a division of iQ4, is an organization comprised of a diverse range of professionals dedicated to the development of the cybersecurity workforce.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

Xmore AI

Xmore AI

Xmore AI, an emerging disruptor in our incubation, is building AI models to optimize and secure IT with the mission of increasing efficiency and reducing costs.