The Recency Bias: why over-rotating on cybersecurity is leaving gaps in disaster recovery plans
Rick Vanover, Senior Director, Product Strategy, Veeam Software and Dave Russell, Vice President, Enterprise Strategy at Veeam Software elaborates on why it is a good time for organisations to look closely into disaster recovery plans.
Since the beginning of the pandemic, IT departments have sharpened their collective focus on cybersecurity. They’ve doubled down on protective measures to stop hackers from stealing data and launching record numbers of ransomware attacks. In the process, many may have taken their eyes off of other threats that can cause just as much damage as a cyberattack.
Human error remains the most common cause of data loss. Studies show that corporations lose nearly five times the amount of data through accidental deletions and overwrites as they do from malicious incidents. Accidental configuration, application and user administration errors also can crash systems, delete data and cause costly outages.
Natural disasters are a growing problem. A record number of tropical storms have hit the U.S. the past two years, and experts expect climate change to cause more and more damage. The financial impacts of the recent Hurricane Ida alone are costing businesses, consumers and communities are approaching $100 million.
While increased attention to cyberattacks is warranted, organizations need to reprioritize their disaster recovery (DR) strategies to meet the real threat landscape we see today. They need to invest in employee training, automate functions in the DR process, and make sure DR plans and processes are ready to handle sudden, unforeseen incidents that threaten their business continuity.
If they don’t, their operations will suffer. According to one study, 94% of companies that experience a catastrophic data loss don’t survive; 43% never reopen and 51% shut down within two years. Those that do stay in business lose $84,650 per hour in lost revenue and productivity, according to Veeam’s 2021 Data Protection Report. And they lose more than that: They experience external impacts, including loss of customer confidence and damage to the brand; internal impacts such as employee morale and diversion of resources; and a third set of factors, litigation and regulation, which can have a significant effect on company valuation.
Employee training is a good place to start. Any organization that didn’t implement a new round of cybersecurity trainings for workers during the pandemic should make this a top priority. This should include usual best practices ranging from following incident notification procedures to selecting strong passwords to avoiding phishing scams.
But training should extend to IT operators, as well. Configuration errors can be reduced by following a series of best practices. These include creating a single configuration source, providing an easy way to track configuration changes and using DNS Service Names for all services. Because there’s no way to test every conceivable condition, application errors will occur. But reviewing and upgrading testing procedures regularly can lead to improved performance and reduce the number of careless errors in everyday practice.
Automation should be a top priority coming out of the pandemic. Not only does it reduce human errors in everyday processes – it gives staff more time to perform more strategic, higher-level tasks. This is just as true for IT as it is for those in the office. Organizations increased their investments in automation technologies the past two years, and they should continue to do so – to enhance productivity and provide higher levels of security.
Automating the disaster recovery process, in particular, can save time and improve overall response. Today’s applications and data sets are larger and more complex, distributed and interdependent than ever. This renders the successful recovery of even a single application — not to mention entire sites — incredibly difficult, making orchestration of recovery processes an indispensable tool.
Given the high stakes, now is a good time for organizations to look more closely at their DR plans and procedures to make sure they’re ready to implement in quick fashion. Here are some tips to follow:
- Check the specifics: Having a plan that’s up to date and validated for a corporation’s specific business needs is critical. Needs have probably shifted since the pandemic started. If you haven’t revisited your plan in more than a year, it should be a top priority.
- Review your documentation: Having easy-to-follow, comprehensive documents available during system restores can save time and avoid stress. These are time intensive to create and they should be continually reviewed – preferably by the people who’ll have to use the documents when it’s time to dust them off.
- Update identity accesses: With changes in service consumption, gaps have likely developed from an identity confirmation standpoint. Make sure the right people are authorized to perform critical system functions during that time-sensitive period when systems are down.
- Rethink DR/resilience plans: With increased usage of external devices, organizations should rationalize their plans to incorporate end-to-end protection, from the workforce to the endpoint.
- Ramp up testing: Test each application individuallyto make sure you’re meeting your key metrics – mainly the recovery time objective (RTO) and recovery point objective (RPO).
Conclusion
Cyberattacks are on the rise, and organizations need to devote significant amounts of attention to protect against them. But disasters come in different forms. To ensure they’re protected once one hits, IT departments should make sure their recovery plans and procedures are in place. Their businesses depend on it.