Why Companies Need A Next-Gen Approach To Business Continuity

Uploaded on 2022-09-30 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW

During the pandemic, many organisations embraced a hybrid environment, allowing employees to work from home or anywhere else. On top of this, many have adopted or are now implementing infrastructure-modernisation initiatives and digital-transformation programs.

These significant changes bring various challenges, including increased complexity, potential vulnerabilities, and the burning question of how to keep operations running smoothly during a natural, hardware, human or cyber disaster.

To solve those challenges, IT teams must reevaluate their approach to business continuity. The IT metrics to measure business continuity remain the same: uptime, the availability of data and apps, and backup and recovery. But the widespread transition to remote work and digital technologies demands a new approach to business continuity that acknowledges IT's growing responsibility to enable a hybrid workplace and keep all digital systems up and always running.

This approach applies to every company that relies on technology to do business. For example, the French restaurant down the street that uses cloud-based software allows customers to order and pay on their phones. If there is a disruption, if customers place orders that don't go through, the restaurant loses not only the orders but the trust of those customers.

For every connected company, continuity is now an absolute requirement, whether that company is in the business of high tech or haute cuisine.

As they get increasingly digital, there is greater pressure than ever on organizations to achieve 24/7 uptime. An independent global study commissioned by Arcserve showed that 83% of IT decision-makers believe 12 hours is the maximum acceptable downtime for critical systems before a measurable negative impact on business.
And, for many businesses, even this is too long. Indeed, according to a 2021 study from IBM, just one hour of downtime for a single server can cost firms $100,000. So, for an organization with 1,000 servers, that comes to $10 million per hour.

To minimise downtime, today's organisations must take a next-gen approach to business continuity. Here's how they can do it.

Create A Plan

Every organisation should have a business continuity plan. It is a step-by-step plan that will guide your response to a disruption, a time when speed and clear thinking are of the essence. Your plan should encompass any contingency - natural disaster, electrical outage, or cyber attack - so you can address the cause, minimise downtime, and control damage to your revenue and reputation.

Your plan should be comprehensive. It should list the resources needed in a crisis, such as data backups and storage locations. It should also include workers' steps to properly alert company leaders, maintain customer communication, and sustain productivity.

Companies should test the plan regularly to ensure it will work when needed. Testing will help you identify and address weak points before being exposed to a crisis. With a robust and regularly tested plan, you can move forward with confidence that you'll be able to safeguard your data and restore it if necessary when a cyberattack or natural disaster strikes.

Make Data Backups Front Of Mind

Most companies will suffer a data-loss event at some point. In the recent survey commissioned by Arcserve, 74% of midsize companies said they had experienced data loss in the past five years, and 52% of respondents said they could not recover all their data after a loss.

Businesses should adopt a 3-2-1-1 data-backup strategy to prevent data loss. It means three backup copies of your data on two different media (disk and tape, for example), with one copy stored offsite for disaster recovery. The final 1 is immutable backup storage. Immutable backups are the key to successful disaster recovery and business continuity. They convert your data to a write once, read many times format that can't be altered, deleted, or encrypted.

Establish Your RPO And RTO  

A solid business continuity plan should also include recovery point objectives (RPO) and recovery time objectives (RTO), along with steps to achieve them.

RPO is the amount of data your business can tolerate losing in a disruption before the company experiences serious harm. It's the benchmark you use to decide how often you should back up your data and determine the infrastructure you need to enable that backup schedule. Companies can set different RPOs for different functions of the business. For example, dynamic files like financial transactions need a short RPO. Due to the number of variables involved, the recreation of such files is often not possible if they're lost. Static files like employee records can have a longer RPO.

RTO is the maximum amount of time after a disruption before your operations should be up and running normally again. Once you've established your RTO, you can make informed decisions about your data resilience plan. So, if you decide that your organisation can tolerate only one hour of downtime, you'll know you need to build a recovery program that enables you to be back up and running within an hour.

Final Takeaway

In the old days, companies waited for disruptions to occur, and if they did, they learned, adjusted, and moved on. Nowadays, with the threat of disruptions frequent and the damage done by data loss potentially fatal, companies need a next-gen approach to business continuity.

They need a solid and regularly tested plan. Organisations with such a plan will withstand the threats coming at them fast and furious, from natural disasters to cyber attacks. Organisations that don't have such a plan will find themselves in the rearview mirror.

Florian Malecki is Executive Vice President of Marketing at Arcserve

You Might Also Read: 

Containers Are Temporary, But Container Data Is Not:

 

« Securing The Future Of Open Finance
Lessons From The Cyber Front Line »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CCN-CERT

CCN-CERT

CCN-CERT is the Spanish national government computer security incident response centre.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO was founded in 2015 with the aim of counteracting the threats posed by globally organized cybercrime and state-controlled industrial espionage.

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

Mitre ATT&CK

Mitre ATT&CK

MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

AuthLite

AuthLite

With AuthLite, you can keep using all your existing software, with added two-factor authentication security placed exactly where you need it.

Qasky

Qasky

Anhui Qasky Quantum Technology Co. Ltd. (Qasky) is a new high-tech enterprise engaged in quantum information technology industrialization in China.

SEIRIM

SEIRIM

SEIRIM delivers cybersecurity solutions in Shanghai China specializing in Web Application Security, Network Security for SME's, Vulnerability Management, and serving as Managed Security as a Service.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Actelis Networks

Actelis Networks

Actelis Networks is a market leader in cyber-hardened, rapid deployment networking solutions for wide-area IoT applications.

IONIX

IONIX

IONIX (formerly Cyberpion) is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your supply chain.

Stack Overflow

Stack Overflow

Founded in 2008, Stack Overflow’s public platform is used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers.