The resilience of businesses and critical services amid cyberattacks and their ability to recover rapidly from such attacks or breaches are critical, especially as many business systems and processes are being connected to improve their efficiency or to monitor them, says information technology availability firm Veeam Africa regional manager Claude Schuck.
While loss of business as a result of a cyberbreach or hack is problematic and disruptive, the impacts are compounded when the systems are critical to the health and safety of people.
The WannaCry ransomware attack, which was reported to have affected devices in 150 countries worldwide (about three-quarters of all countries), should be sufficient impetus for every organisation to review its business continuity strategy and ensure that it always remains on in the event of a crisis, Schuck emphasises.
“Businesses need to improve not only their detection methods but also their approaches to cybersecurity. Networking multinational Cisco uses the concept of ‘Time to Detect’ to refer to the length of time it takes for a business to realise that it has been compromised by a cyberattack.”
With the industry average time to detect being nine hours, the repercussions of malicious users accessing sensitive company data can be significant, especially if related to critical processes or services.
“A balanced approach is required by an organisation to maintain availability by ensuring that it uses advanced security systems capable of evolving as the threat environment changes,” Schuck adds.
Given the potential financial impact and reputational cost to the company brand, the discussion needs to move beyond budgetary constraints to ensuring that availability of data becomes a strategic priority.
Cybercriminals have more tools at their disposal than ever before. They also have a keen sense of when to use each one for maximum effect. The explosive growth of mobile endpoints and online traffic works in their favour, as they have more space in which to operate and more choices of targets and approaches, he notes.
The ‘2017 Veeam Availability Report’ shows that companies are trying to improve access to data, but continue to encounter challenges when providing adequate service availability.
This creates a protection gap in which the business is unable to protect its data and ensure that its units’ expectations of data loss management are met. Inadequate availability of information technology systems led to an average of R270-million a year in direct financial costs, without factoring in the resultant disruptive impact on digitalisation efforts and additional costs because of this disruption.
The main constraints cited by companies to adopting advanced security products and solutions are budget, product compatibility, certification and lack of skills.
“Not accessing data is one thing, but when it has the potential to impact on human life, it takes on a different tone altogether. These attacks should act as warnings to companies to ensure business continuity and the availability of critical systems.”