At least once a week, it seems, a new cyber breach has been reported or a new threat discovered. Recent statistics reveal a 15% uptick in cyberattacks and data breaches in 2021; and the numbers continue to climb this year. Cyberattacks are a threat to most organizations. Unfortunately, it’s not a question of if you’re going to be attacked, it’s a question of when–and how dramatic that event will be.
Having a well-defined cyber recovery plan — and a working environment that’s suited to cyber recovery – should be a top priority for most businesses. The universal fallacy of cyber recovery that I hear is: “I’m just a small business and I don’t have high-profile data.” In fact, being a small or medium business makes you a bigger target for several reasons:
- 1. Budgetary Constraints on Security
- SMBs are less likely to have sophisticated security monitoring and prevention in place, mainly due to budgetary constraints. Advanced security can be expensive to deploy. Without the deep pockets of a multi-million-dollar corporation, most smaller companies do without.
- 2. Lack of Robust Recovery Solutions
- SMBs are less likely to have robust recovery solutions in place. And, unfortunately, they are more likely to pay a ransom than a large financial institution, because they don’t have the ability to recover on their own. That’s how the bad guys win, because the reality is that these attacks are all designed to extort money. So, small companies are exactly the target since they are most likely to pay the ransom.
- Prevent and Recover
- Cyber recovery begins with prevention but acknowledges the need for a recovery plan in place.
The general strategy our team at Melillo recommends is the 3, 2, 1 model:
3 copies of your data, in 2 locations, with 1 of those off-site.
Typically, if you aren’t diligent with patching your environment, you’re a target. If there’s a known exploit and it’s ignored, that’s a path into your network. That also goes for companies that don’t perform regular penetration testing or intrusion detection. Those who launch cyberattacks are probing hundreds of thousands – even millions — of systems a day, looking for those types of specific vulnerabilities.
SMBs don’t tend to have a dedicated staff for security, so the responsibility falls under a traditional IT admin, but this should be its own full-time job. And you only have to miss one thing, one time for there to be catastrophic consequences. That’s why 100% diligence is mandatory.
Part of that cyber diligence is keeping an offsite copy of your data disconnected from everything. This is referred to as an air gap: a security measure that isolates a digital device from other devices and networks. There’s only one way that it can be accessed, through a specific, direct channel from the backup device.
We have found the Dell EMC Cyber Recovery Vault to be an excellent cyber recovery solution that fits many SMB needs. It’s a complete, isolated recovery solution that helps minimize downtime, cost and lost sales by supplying a resilient backup to critical data as well as a road to recovery from a cyberattack.
One specific type of attack – ransomware – is a real and persistent threat that can bankrupt a SMB. Occasionally, from more financially secure companies, we hear, “it’s just cheaper for me to pay the ransom than to prevent the hack.” The belief is, “if I pay the money, then I should be able to recover.” We’re not so sure that paying the ransom will always result in the ability to restore your system to its original condition. Remember, hope is not a plan. Investing in and implementing a prevention strategy and creating a recovery plan are the only tried and true ways of having a successful–and resilient– business.
My team and I at Melillo Consulting are happy to guide your organization in the right direction towards more efficient and cost-effective cyber security practices. Reach out if you have any questions: firstname.lastname@example.org