Almost every organization has been impacted by the pandemic in some shape or form, with many companies forced to shift their entire business and operations online almost overnight to maintain any sort of cashflow.
But now, as businesses are slowly allowed to return to normal, and it appears we have awoken to a new era of work. Digital transformation efforts were accelerated at the beginning of the pandemic to fulfil organizations’ needs to operate entirely remotely and in the post-pandemic world, these major changes will likely stay in place as work forces have gotten used to the ‘new normal’ of work.
However, this new normal comes with new challenges for organizations. A large proportion of critical business information is stored on email, and businesses that rely on Office 365 are often left unprotected given their shared responsibility model. Employees, too, are using potentially unsecure personal devices, and running these on less-than-secure networks when remote working.
This leaves businesses more vulnerable to attack as it creates a much broader attack landscape for criminals to target. Customers are already increasingly unforgiving when it comes to downtime and the onus will be on businesses to not just recover their backups, but to recover them as quickly as possible. As we have become more reliant on smoothly functioning technology as a result of the pandemic, businesses will need to protect all critical IT infrastructure to ensure operations continue to operate seamlessly.
Cyberattacks, downtime and the unforgiving consumer
The ramifications of successful ransomware attacks are well known. We don’t need to look further than January’s infamous attack on Travelex that resulted in a loss in earnings of £25 million, in addition to the multi-million pound ransom that was paid to attackers. However, the full-scale impact of these attacks can’t truly be quantified.
Recent research has shown that consumers are increasingly showing little tolerance towards businesses that suffer downtime and data loss due to successful cyberattacks. Almost 60 percent of UK consumers said that they would actively avoid purchasing from a business for a year if it had fallen victim to a cyberattack. Little under half of consumers would continue to avoid these businesses for three years, demonstrating consumers have long-lasting memories when it comes to successful cyberattacks.
Not only can a cyberattack itself have a devastating impact on companies, lasting financial and reputation damage will continue to haunt businesses prospects, at a time when they can least afford to deal with the extra disruption.
Maintaining business continuity in a remote working society
With the major shift for organizations to remote working, more information and communications are circulating across the email via laptops that are often not secured sufficiently enough for a remote environment.
Organizations with large numbers of staff now working remotely would greatly benefit from direct-to-cloud backup and disaster recovery (DR). These don’t need any storage or additional hardware to be deployed on-premises to prepare the data before it is transferred to the cloud. This allows for laptops to be properly backed up, wherever they are working from, and there is no need for them to have specialized and expensive infrastructure in support.
Microsoft Office 365, for example, has over 200 million users around the world and forms an vital part of many organizations workflow. It’s a key source of some of their most critical data. However, tools like these need third-party assistance for longer term data retention, preserving the data of accounts of those which have left the company, or mitigating the impact of email phishing scams. To completely rely on the native data backup support is impractical.
A vast amount of data is located either on laptops or on tools in the public cloud. Both locations require secure backups, should the data on these systems be compromised. Hybrid cloud allows businesses to have an ‘air gap’ that protects important data, wherever it resides within an IT infrastructure. This can mean an on-premises backup for the cloud data from their Software as a Service (SaaS) tools, or a public cloud backup of locally stored files on laptops. Having diversified backup options can also give firms more control over where their data resides, helping to maintain compliance with GDPR and other major data privacy regulations.
Immutable backups & cloud-native backup and disaster recovery
Due to consumers unforgiving attitudes to data security, the onus is on businesses to not just recover their backups, but to recover them as quickly as possible. Organizations need to be able to recover their systems within 24 hours in order to avoid the risk of customers taking their business to a rival competitor.
Having the type of IT infrastructure that allows for rapid recovery needs a level of planning that goes beyond merely implementing “locked” read-only backups, that can’t be edited or manipulated by ransomware after they are created. Simply having “locked” backups is of little utility, because even though cyber criminals can’t do anything with these backups, neither can your own IT team.
With rapid recovery being all important, organizations should look to implement secure, local, on-premises backups as these can offer an avenue to uninterrupted continuity, without being limited by the networking speed limitations of having backup data protected from attacks only when on public cloud platforms. The best course of action for organizations is for them to treat backups as critical infrastructure and protect them everywhere with the best cybersecurity protocols possible, just like any other key business function as. This will render them practically immutable to ransomware, without limiting their usability.
Though we may be living in an uprooted society, with a set of economic and political circumstances which are anything but reliable, this only makes having reliable IT systems more important. So, as business are already being assailed from all angles by economic threats outside their control, businesses need to do absolutely everything they can to ensure their IT systems aren’t source of further unexpected disasters. This means being armed and ready for a world of remote working and unforgiving consumers, where practically instantaneous recovery is the overriding expectation.
Mick Bradley, VP EMEA, Arcserve