Is Your Business Ready For The Inevitable Cyberattack?

Uploaded on 2024-08-07 in TECHNOLOGY--Resilience, FREE TO VIEW

Today, it's not a matter of if your business will be hacked, but when. The 2024 UK Government Cybersecurity Breaches Survey revealed a startling statistic: 50% of UK businesses suffered a cyberattack or security breach in the previous 12 months, up from 39% in 2022.

The average cost of a data breach in 2023 was $4.45 million. For small companies, the impact can be devastating, with an estimated 60 percent going out of business within six months of a cyberattack or data breach.

The Alarming State Of Cyber Resilience

The UK National Cybersecurity Centre (NCSC) has highlighted the significant and enduring cyber threats facing the UK in its latest annual review. The report points to the increasing frequency and sophistication of cyber threats, emphasising the need for enhanced cyber resilience across all sectors. This assessment aligns with the UK’s science secretary's recent warnings about the UK's urgent need to bolster its cyber defences.

Lessons From Recent Cyber Incidents

The vulnerability of the UK's cyber infrastructure is not theoretical. The Crowdstrike outage that took down millions of computers reveals how IT and security lapses can have far-reaching consequences.

The rise and rise of ransomware attacks also means that backup and recovery best practices are more important than ever. Service downtime, customer upsets, and corrupted data are just some of the common consequences that arise after a ransomware attack leaves a business offline.

Preparing For The Inevitable

Cybersecurity threats are inevitable, making it essential for businesses to prepare for the worst. The critical question is: if your business is hacked, is your data protected, and can you recover it in hours rather than days or weeks? If not, you are leaving your business vulnerable to severe disruptions.

While everyone emphasises the importance of backups, the real challenge lies in ensuring their integrity and recoverability. Are your backups clean? Can you quickly restore data without prolonged downtime? The total cost of ownership (TCO) of your data protection strategy over time is a crucial consideration. Traditional methods, such as relying on Iron Mountain for physical backups, are cumbersome and time-bound, requiring significant effort to locate and restore data.

Right Data, Right Place, Right Time

The story of data storage, much like the shift to cloud computing, revolves around strategically placing the right parts of your business operations in the most suitable locations at the right times. Data protection follows the same principle. Resilience is still a topic of frequent discussion, yet its broad nature makes it challenging to establish a clear set of best practices. As headlines frequently highlight new victims of cyberattacks, it raises the question: has data protection become more critical than traditional security measures in safeguarding a business' core assets?

Best practices for building robust data protection

1.    Adopt zero trust principles:  Implement zero trust principles to silo parts of your technology stack. This approach limits access to only those who need it and continually verifies each user and device. By segmenting your network and enforcing strict access controls, you can blunt the spread of infections and slow down the lateral movement of ransomware. This means that even if one part of your network is compromised, the rest remains secure, reducing the potential impact of an attack.

2. Use smart data backups:  Use data backups strategically to secure your business's critical workloads. Regularly back up your data and store copies in multiple locations, including off-site and in the cloud. Ensure that these backups are encrypted and protected by strong access controls. By having reliable backups, you can quickly restore data in the event of a cyberattack or other disaster, minimising downtime and loss.

3. Implement immutable data solutions:  Immutable data backups can be leveraged as a defence mechanism. Immutable data ensures that once a backup is created, it cannot be altered or deleted. This provides a safeguard against ransomware attacks and human error, ensuring that you always have a clean copy of your data to restore from. Implementing immutability can significantly enhance your data protection strategy and ensure rapid recovery during a crisis.

4. Conduct regular security tests:  Identify critical data, duplicate it, and store it securely. If you have seen this routine backup equation before, you might be missing one of the most important steps. Testing your backups, and ensuring copies are ‘clean’ and recoverable, makes the difference between a rapid recovery and one that’s halted by infected data. Businesses should conduct regular drills and simulations. This helps identify weaknesses and ensures that your team is prepared to respond effectively to real-world threats. Drills should cover various scenarios, including ransomware attacks, data breaches, and other common cyber incidents.

5. Prepare for advanced threats:  As cybercriminals increasingly target backup systems, it is essential to secure these systems with the same rigor as your primary data. Strengthen traditional backup and recovery systems against targeted attacks by using advanced malware protection and regular security audits to identify and mitigate vulnerabilities in your backup infrastructure. This proactive approach helps protect your safety net from being breached by attackers.

6. Increase your cyber hygiene:  Focus on policies that promote good cyber hygiene and clean data practices. Educate employees about the importance of cybersecurity and best practices for protecting data. Regular training sessions can help reinforce the need for strong passwords, phishing awareness, and secure handling of sensitive information. A culture of cybersecurity awareness is essential for maintaining robust data protection.

7. Plan for business continuity:  Integrate data protection into your business continuity and disaster recovery plans to outline how your business will maintain operations during and after a cyberattack. These plans should include detailed procedures for data recovery, communication strategies, and roles and responsibilities. Again, regularly update and test your plans to ensure they remain effective and relevant.

8. Integrate data protection with emerging technologies:  Data protection has become the backbone of other technologies, such as public cloud, storage, and AI. As businesses increasingly rely on these technologies, robust data protection becomes even more critical. Ensuring that data protection measures are integrated with these technologies will enhance resilience and minimise downtime.

Invest In Data Protection To Save The Cost Of A Data Breach

Investment in robust data protection measures is minimal compared to the potential cost of data loss. The average cost of a data breach is significant, but the long-term impact on a business' reputation and customer trust can be even more damaging.

Investing in data protection not only safeguards against financial loss but also enhances business continuity and resilience.

Ishwar Fernandes is Head of Technical Architects at CSI Ltd

Image: Unsplash

You Might Also Read: 

Is Your Business Ready To Embrace Artificial Intelligence?:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Cyber War, Intelligence, Malware & Espionage [extract]
Four Security Risks Posed by AI Coding Assistants »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

ARC Advisory Group

ARC Advisory Group

ARC is a leading technology research and advisory firm with expertise in both information technologies (IT) and operational technologies (OT)

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Preempt Security

Preempt Security

The Preempt Platform delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

Shearwater Group

Shearwater Group

Shearwater Group is an award-winning organisational resilience group that provides cyber security, advisory and managed security services to help secure businesses in a connected global economy.

Cyrebro

Cyrebro

CYREBRO is your online cybersecurity central command managed SOC that integrates all your security events with strategic monitoring, proactive threat intelligence, and rapid incident response.

SEMNet

SEMNet

SEMNet is an IT solutions provider and an infrastructure and security consulting firm.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

QualySec

QualySec

QualySec is a leading cybersecurity firm specializing in comprehensive penetration testing and risk assessment services.

Mart Networks

Mart Networks

Mart Networks is one of Africa’s Pioneers when it comes to Value Added Technology Distribution.

SECUREU

SECUREU

At SECUREU, we protect growing businesses against cyberattacks by proactively implementing best security practices, fixing existing security vulnerabilities, and increasing cyber awareness.