Is Your Business Ready For The Inevitable Cyberattack?

Uploaded on 2024-08-07 in TECHNOLOGY--Resilience, FREE TO VIEW

Today, it's not a matter of if your business will be hacked, but when. The 2024 UK Government Cybersecurity Breaches Survey revealed a startling statistic: 50% of UK businesses suffered a cyberattack or security breach in the previous 12 months, up from 39% in 2022.

The average cost of a data breach in 2023 was $4.45 million. For small companies, the impact can be devastating, with an estimated 60 percent going out of business within six months of a cyberattack or data breach.

The Alarming State Of Cyber Resilience

The UK National Cybersecurity Centre (NCSC) has highlighted the significant and enduring cyber threats facing the UK in its latest annual review. The report points to the increasing frequency and sophistication of cyber threats, emphasising the need for enhanced cyber resilience across all sectors. This assessment aligns with the UK’s science secretary's recent warnings about the UK's urgent need to bolster its cyber defences.

Lessons From Recent Cyber Incidents

The vulnerability of the UK's cyber infrastructure is not theoretical. The Crowdstrike outage that took down millions of computers reveals how IT and security lapses can have far-reaching consequences.

The rise and rise of ransomware attacks also means that backup and recovery best practices are more important than ever. Service downtime, customer upsets, and corrupted data are just some of the common consequences that arise after a ransomware attack leaves a business offline.

Preparing For The Inevitable

Cybersecurity threats are inevitable, making it essential for businesses to prepare for the worst. The critical question is: if your business is hacked, is your data protected, and can you recover it in hours rather than days or weeks? If not, you are leaving your business vulnerable to severe disruptions.

While everyone emphasises the importance of backups, the real challenge lies in ensuring their integrity and recoverability. Are your backups clean? Can you quickly restore data without prolonged downtime? The total cost of ownership (TCO) of your data protection strategy over time is a crucial consideration. Traditional methods, such as relying on Iron Mountain for physical backups, are cumbersome and time-bound, requiring significant effort to locate and restore data.

Right Data, Right Place, Right Time

The story of data storage, much like the shift to cloud computing, revolves around strategically placing the right parts of your business operations in the most suitable locations at the right times. Data protection follows the same principle. Resilience is still a topic of frequent discussion, yet its broad nature makes it challenging to establish a clear set of best practices. As headlines frequently highlight new victims of cyberattacks, it raises the question: has data protection become more critical than traditional security measures in safeguarding a business' core assets?

Best practices for building robust data protection

1.    Adopt zero trust principles:  Implement zero trust principles to silo parts of your technology stack. This approach limits access to only those who need it and continually verifies each user and device. By segmenting your network and enforcing strict access controls, you can blunt the spread of infections and slow down the lateral movement of ransomware. This means that even if one part of your network is compromised, the rest remains secure, reducing the potential impact of an attack.

2. Use smart data backups:  Use data backups strategically to secure your business's critical workloads. Regularly back up your data and store copies in multiple locations, including off-site and in the cloud. Ensure that these backups are encrypted and protected by strong access controls. By having reliable backups, you can quickly restore data in the event of a cyberattack or other disaster, minimising downtime and loss.

3. Implement immutable data solutions:  Immutable data backups can be leveraged as a defence mechanism. Immutable data ensures that once a backup is created, it cannot be altered or deleted. This provides a safeguard against ransomware attacks and human error, ensuring that you always have a clean copy of your data to restore from. Implementing immutability can significantly enhance your data protection strategy and ensure rapid recovery during a crisis.

4. Conduct regular security tests:  Identify critical data, duplicate it, and store it securely. If you have seen this routine backup equation before, you might be missing one of the most important steps. Testing your backups, and ensuring copies are ‘clean’ and recoverable, makes the difference between a rapid recovery and one that’s halted by infected data. Businesses should conduct regular drills and simulations. This helps identify weaknesses and ensures that your team is prepared to respond effectively to real-world threats. Drills should cover various scenarios, including ransomware attacks, data breaches, and other common cyber incidents.

5. Prepare for advanced threats:  As cybercriminals increasingly target backup systems, it is essential to secure these systems with the same rigor as your primary data. Strengthen traditional backup and recovery systems against targeted attacks by using advanced malware protection and regular security audits to identify and mitigate vulnerabilities in your backup infrastructure. This proactive approach helps protect your safety net from being breached by attackers.

6. Increase your cyber hygiene:  Focus on policies that promote good cyber hygiene and clean data practices. Educate employees about the importance of cybersecurity and best practices for protecting data. Regular training sessions can help reinforce the need for strong passwords, phishing awareness, and secure handling of sensitive information. A culture of cybersecurity awareness is essential for maintaining robust data protection.

7. Plan for business continuity:  Integrate data protection into your business continuity and disaster recovery plans to outline how your business will maintain operations during and after a cyberattack. These plans should include detailed procedures for data recovery, communication strategies, and roles and responsibilities. Again, regularly update and test your plans to ensure they remain effective and relevant.

8. Integrate data protection with emerging technologies:  Data protection has become the backbone of other technologies, such as public cloud, storage, and AI. As businesses increasingly rely on these technologies, robust data protection becomes even more critical. Ensuring that data protection measures are integrated with these technologies will enhance resilience and minimise downtime.

Invest In Data Protection To Save The Cost Of A Data Breach

Investment in robust data protection measures is minimal compared to the potential cost of data loss. The average cost of a data breach is significant, but the long-term impact on a business' reputation and customer trust can be even more damaging.

Investing in data protection not only safeguards against financial loss but also enhances business continuity and resilience.

Ishwar Fernandes is Head of Technical Architects at CSI Ltd

Image: Unsplash

You Might Also Read: 

Is Your Business Ready To Embrace Artificial Intelligence?:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Cyber War, Intelligence, Malware & Espionage [extract]
Four Security Risks Posed by AI Coding Assistants »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

Centre for Development of Advanced Computing (C-DAC)

Centre for Development of Advanced Computing (C-DAC)

C-DAC is the premier R&D organization of the indian Ministry of Electronics & Information Technology. Areas of research include cyber security.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

IT Solutions Consulting

IT Solutions Consulting

IT Solutions is a full-service IT partner providing managed services and other information technology solutions nationwide.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.