Are your cybersecurity investments making you less resilient?

In the past decade, digital transformation has become a buzzword in nearly every industry. Organizations have scaled down workforces in favor of automation, moved their servers and networks off-premises, and transferred their data to the cloud, but mostly kept to their old ways when thinking about cybersecurity. But things are finally changing, and the idea of cyber resilience is taking hold as an extension (or enhancement) of traditional business continuity (BC) and disaster recovery (DR) plans.

Digital transformation calls for digital resilience

If your organization were hit with a major cyberattack, how would you continue to operate the company in the most basic way possible while your security and technology organizations rebuild everything? This assumes you have uncompromised, thorough backups and rebuild processes in place, of course. But even so, in the case of big companies, rebuilding machines, infrastructure, customer environments, and more takes time and money.

This is on top of the time and money you’ve likely already invested in being good at traditional BCP/DR. But it’s these investments that may be putting you at a disadvantage when it comes to being truly cyber resilient.

For instance, we’ve all been taught how important it is to back up our data. It started with weekly backups, or even nightly. But now backups are near constant, and they include any malware that might have snuck into your network. Are better and more frequent backups leaving us at risk for a larger impact? Should a more advanced strategy (e.g., some backups going to immutable locations, being constantly scanned by advanced anti-malware solutions, and stored in air-gapped cyber vaults) be pursued for the most critical systems?

Reprinted with permission from Help Net Security. Copyright Help Net Security. All rights reserved.
Written by Saša Zdjelar, 2022