The Seven Stages Of Cyber Resilience

Data is the beating heart of every modern-day enterprise, from large corporations to small and medium-sized businesses. For many, data is by far the most valuable asset they own. If they lose access to their data due to a cyberattack or natural disaster, it can bring their operations to a screeching halt. For this reason, data resilience is now a critical necessity.

Resilient organisations have processes that enable them to quickly bounce back from any situation in which their data is compromised. But not every organisation is resilient. Most SMBs are not. A recent global survey by Arcserve revealed that only 23% of small and midsize organisations have mature data resilience strategies with associated goals they can use to track progress.

It is not ideal, but it is understandable. SMBs are often focused entirely on their day-to-day operations. They dedicate almost all their time to running their business, managing marketing and sales, serving customers, and staying on the right side of tax collectors. This focus limits their ability to handle additional tasks like cybersecurity.

Keeping the business running in real-time is their top priority.

SMBs know about cyber threats, but all too often, they think it’s just larger businesses in the crosshairs of attackers. But the truth is that threat actors are not selective based on industry or company size. They target every potential victim, regardless of how small or large it may be. SMBs are not immune to the threat of cyberattacks—and the sooner they realise it, the better off they’ll be.

The Seven Stages Of Cyber Resilience

The “seven stages of grief” refers to the psychological process individuals typically go through when experiencing profound loss or bereavement, including shock, denial, anger, bargaining, and depression.

Applying the “seven stages of grief” to SMBs dealing with data protection issues looks something like this:

1. Shock and Denial: This is when the SMB first becomes aware of the potential risks to their data. They might be shocked to learn about the extent of the potential damage and the various threats. There might also be some denial, as they may initially find it hard to believe such threats could impact their business.

2. Pain and Guilt: As SMBs begin to understand the gravity of the situation, they may feel pain over potential losses or damage to their business. They may also feel guilt, particularly if they have not taken data protection seriously in the past, which might have exposed their business to unnecessary risk.

3. Anger and Bargaining: The SMB might feel anger towards the circumstances that have led to the data threats, such as cybercriminals or their past negligence. They may also start bargaining or looking for quick fixes to protect their data, which could lead to ineffective strategies.

4. Depression: The realisation of the effort and resources required to protect their data effectively may lead to feelings of depression. The SMB may feel overwhelmed by the complexities of data protection and the potential impact of data loss on their business.

5. Upward Turn: As SMBs start to take concrete steps to improve their data resilience, things start to look up. They may begin to see that, although the process is complex, it is manageable and within their capabilities. The first step, for instance, is determining the critical operating systems. Some systems, if compromised, will cause only a minor disruption. Others will halt the entire business, perhaps ending it entirely. The SMB can start by determining where their critical data is stored and which systems are needed for their business to function effectively.

6. Reconstruction and Working Through: During this stage, the SMB is actively working on its data protection strategies. They are implementing new measures, improving their systems, training their staff, and generally doing the work needed to improve data resilience. For instance, the SMB can beef up its backup and recovery processes by storing data copies in separate locations to mitigate data loss from events like a cyberattack. They can also implement immutable data storage, which safeguards information by taking snapshots every 90 seconds. So even if ransomware does sneak through and data is overwritten, the information will still be easily recoverable to a recent point in time.

7. Acceptance and Hope: Finally, the SMB accepts the importance of data resilience and the effort required to achieve it. When the proper controls and alerts are in place, the SMB is in a much better position to prevent unauthorised access and remedy unexpected incidents. They also have hope for the future, knowing they are better prepared to handle data threats and recover from potential data loss.

The Value Of A Service Provider

Due to a lack of resources, many SMBs focus almost entirely on their day-to-day operations. For many, that’s a necessity. That is why it makes sense for SMBs to collaborate with a specialised service provider with expertise in data backup, cybersecurity, and data resilience.

Partnering with a service provider that knows best practices and works with best-in-class vendors will complement your SMB’s IT knowledge and ensure a solid and effective data resilience plan. This proactive approach is crucial, as you may not even know all the regulations you must follow.

Engaging a service provider ensures that you’ll be informed and compliant.

Cost and affordability are, of course, significant concerns for SMBs. While larger organisations can dedicate personnel or entire departments to cybersecurity and data backup roles, that’s often out of the question for SMBs. But by working with a service provider, your SMB can cost-effectively access the practices and expertise you need.

This partnership lets you focus on your core operations and growth while entrusting resilience and recovery strategies to a knowledgeable professional.

Considering the stakes involved, allocating a budget to data resiliency is crucial, even if it’s a modest amount. Service providers and specialised vendors now offer solutions that enable SMBs to start small and scale as their business grows. It’s not necessarily a massive upfront investment. Tools and practices allow you to establish a solid and updated resilience plan with a smaller footprint, ensuring you’re well-prepared for potential incidents at a price you can afford.

Richard Massey is Vice President of Sales, EMEA, at Arcserve 
