Blog

Minimise cyberattacks with disaster recovery planning

Cybersecurity is increasingly posing a major threat to businesses. And in a society that’s more technologically dependent than ever, there’s no indication that this trend will slow down.
14 June 2021 Michael Holtzhausen

We’ll let you in on a little secret. Cyberattacks have been increasing in number in the past few years. All you have to do is to look at this infographic and you'll notice this fact.

And if that infographic isn’t enough, here are a few more stats:

  • Market research analysts at Gartner say that there will be $170.4 billion in revenue for the global information security market in 2022.
  • Cybersecurity company Proofpoint states that 88% of organisations worldwide experienced spear-phishing attempts in 2019.
  • Risk Based Security claims that data breaches exposed 36 billion records in the first half of 2020.
  • According to Verizon, an American wireless network operator, 86% of breaches involved financial gain and 10% involved espionage.

Great, now that we have your attention, how do we go about disaster recovery planning?

How to respond to cyberattacks

An incident response plan (IRP) is the first step in disaster recovery planning, and it must be tailored to the cyber risks facing your business. As a guideline, follow these high-level steps when creating your IRP:

Preparation: Identify employees and partners who will respond to incidents and prepare to handle them. It is imperative that responsibilities are clearly defined in the event of a cyberattack.

Detection: Ensure that your network is constantly and comprehensively monitored. Identify minor events from major ones and establish escalation procedures for each.

Containment: Isolate the infected system and investigate the cause of the intrusion.

Recovery: Eradicate the source of the intrusion (blocking malicious IP addresses, changing passwords, patching holes, resolving vulnerabilities etc.) while complying with regulatory requirements. A company's brand and image must also be protected during this time.

Post-incident review: Bring together stakeholders to discuss lessons learnt and identify security gaps to prevent  similar incidents from reoccurring.

Maintain your IRP: When creating an IRP for your specific company, it's important to perform annual (or more frequent) reviews of the IRP and periodic training of the designated response team.

Cybercriminals will have an easy time targeting your organisation if it does not have a cybersecurity programme in place.

The days of only relying on antivirus software and simple firewalls are over. According to the Cyberchology: The Human Element of Cybersecurity report: "80% of businesses have seen an increased cybersecurity risk caused by a human factor.” Cyberthreats can come from any level in your organisation. It is imperative to train your staff about scams like phishing and advanced cybersecurity attacks like ransomware (think WannaCry) and other malware aimed at stealing intellectual property.

Provide full disclosure

Ensure that employees, customers and the public are notified of a crisis. Failing to inform them can only make things worse. An important crisis management best practice is full and immediate disclosure of cyberattacks. For example, Uber's attempt to conceal a cyberattack exacerbated an already difficult situation. According to the Wall Street Journal, Uber later: "... reached a nationwide settlement to pay a $148 million penalty to settle allegations it intentionally concealed a 2016 data breach”. You certainly don't want to find yourself in a similar situation, so make sure everyone knows when a data breach has occurred.

STS secures your information

For business continuity and future growth, it is imperative to be able to recover from a data breach and resume operations. We have a range of solutions dedicated to help you recover from a cyberattack. These include:

Disaster Recovery as a Service: Keep your applications and software available at all times with our Disaster Recovery as a Service (DRaaS).

Back-up solution: Protect your data from internal and external threats with tailored back-up solutions.

Contact us so we can discuss these solutions in more detail with you. Together let’s bolster your disaster recovery planning.

Don’t be fooled by these disaster recovery myths
Resources
Don’t be fooled by these disaster recovery myths
Download

In Other News

Discover our solutions

Find out more about our tailored data storage and back-up solutions for businesses of all sizes.

Solutions

We love to talk data!

Get in touch with our experts and find out how our data solutions can benefit your business.

Contact Us