Preparing for the Inevitable Cyberattack

Aug. 19, 2022
Frank Lacomba, Senior Director of Product Management at Flexential, outlines five key steps to ensuring your disaster preparedness and recovery plan will protect you in case of a cyberattack.
Hurricane season is approaching, and IT departments are readying their systems and their disaster recovery (DR) responses.
While this preparation is critical, the threat of a cyberattack is also looming—and, unlike natural disasters, these manmade threats are blind to location and seasonality. Cyberattacks continue to increase in their sophistication and present a threat to every organization. The rate of incidence is also growing as businesses experienced 50% more cyberattacks in 2021 than in 2020.

The distributed workforce established by COVID-19 exposed new cybersecurity vulnerabilities that bad actors are ready to exploit. To avoid the lost revenue, decreased productivity and declining customer confidence that accompanies a cyber breach, a disaster preparedness and recovery plan should be an integral component of every corporate IT strategy.

Five Steps to Disaster Preparedness and Recovery

Assess

An effective DR plan, capable of mitigating an attack or recovering data begins with a deep understanding of the business’ needs, its critical systems and its risk factors. Organizations should understand their IT priorities and tier their requirements to ensure the most critical systems and data are restored first.

Design

Armed with this information, organizations can build a DR solution that supports uptime and resiliency and safeguards critical data. A key element of this design is the organization’s recovery point objective (RPO) and recovery time objective (RTO). Financial organizations, online retailers and other businesses with frequent, business-critical transactions demand more intense RPO/RTO requirements to limit data loss. Disaster recovery as a service (DRaaS) has emerged as leading data protection strategy given its flexibility, lack of upfront capital investments and low RTO/RPO.

Deploy

Implementing the DR solution requires a level of expertise to ensure its efficacy. A third-party provider like Flexential integrates years of experience and best practices to effectively execute the DR design.

Test & Improve

A DR solution is only effective if it works, making routine testing essential. These tests ensure that any changes to the IT environment are addressed by the DR plan prior to a disaster. DR testing also offers opportunities to improve DR procedures and recovery results. Think of this in terms of a professional sports team. A new play may be clunky on the team’s first attempt; however, with each attempt, the team tweaks and improves the process to strengthen the results. The DR plan is the same, using an iterative process to adapt and fortify recovery efforts, while providing new objectives for the next test.

Maintaining your configurations and test plans is also crucial. Organizations must document changes to the IT environment to ensure their IT teams have the right blueprint to restore the environment, if necessary. To continually strengthen the recovery process, organizations should also outline test objectives—whether addressing previous issues or new capabilities or systems—and report on the success and shortcomings of each test. Capturing this information continually improves the recovery process and offers an objective for the next text.

Build Awareness

Countering cyberattacks demands a company-wide commitment. With limited oversight by IT teams, organizations rely on the due diligence of individual users to utilize the necessary security tools and recognize potential threats. Cybersecurity awareness training should highlight the latest cyberthreats to help employees identify and appropriately respond to them. This training should also introduce and stress the value of various security measures, such as regular password updates, two-factor authentication and VPNs, to encourage their use.

A thoughtfully designed and executed DR plan is key in combatting the impacts of a cyberattack and bolstering operational and data integrity—because when it comes to cyberattacks, it is a matter of when, not if.

Frank Lacombe is Senior Director of Product Management at Flexential, where he’s responsible for executing the product strategy as well as participating in go-to market plans, business integration and lifecycle management of new and existing products and services for disaster recovery-as-a-service (DRaaS) and backup as-a-service (BaaS). Contact Flexential to learn more about building and executing DR plans that provide a foundation that supports business continuity.

About the Author

Voices of the Industry

Our Voice of the Industry feature showcases guest articles on thought leadership from sponsors of Data Center Frontier. For more information, see our Voices of the Industry description and guidelines.

Sponsored Recommendations

Guide to Environmental Sustainability Metrics for Data Centers

Unlock the power of Environmental, Social, and Governance (ESG) reporting in the data center industry with our comprehensive guide, proposing 28 key metrics across five categories...

The AI Disruption: Challenges and Guidance for Data Center Design

From large training clusters to small edge inference servers, AI is becoming a larger percentage of data center workloads. Learn more.

A better approach to boost data center capacity – Supply capacity agreements

Explore a transformative approach to data center capacity planning with insights on supply capacity agreements, addressing the impact of COVID-19, the AI race, and the evolving...

How Modernizing Aging Data Center Infrastructure Improves Sustainability

Explore the path to improved sustainability in data centers by modernizing aging infrastructure, uncovering challenges, three effective approaches, and specific examples outlined...