It’s not always malware

685 Views

Every day, cyber incidents and their subsequent downtimes seem to fill the news. These downtimes, both costly and damaging to consumer trust, have rightfully been something that CISOs and CIOs work to prevent with increasingly sophisticated security measures. But sometimes the most damaging “disasters” are the simplest.

Earlier this year, one of the hyperscalers suffered a major data centre incident in which a water leak triggered a fire in a co-location data centre, knocking more than 90 services offline in France. This serves as a reminder to us all that, despite rising cybercrime stealing the headlines, preparing for physical disasters remains a vital part of any disaster recovery (DR) plan. It is crucial that businesses consider the impact that these incidents may create on their own day-to-day operations and invest in their own disaster recovery.

Heatwaves, flooding and hurricanes are facts of life for many people today, and their intensity and frequency seem to rise each year. IDC research found that 79% of IT and business leaders had activated a disaster recovery plan in 2021, and yet some enterprises still don’t have a robust strategy in place. Like security defences, disaster recovery strategies need to be multi-layered, and while other regions have factored extreme weather into the equation for decades, climate change is making these disasters impossible to ignore in UK recovery plans.

Preparing for the worst

With summer in full swing, the prospect of climate-based extreme weather events should be on every CISO’s mind. Last year’s record heatwaves in the UK were the second highest in Europe and even triggered wildfires. Weather events will surely have a significant impact again this summer, especially with the return of El Niño.

These events should be considered a meaningful threat to business continuity.

Nine out of ten organisations associate a single hour of downtime with more than £300,000 in damages — an estimation that only continues to rise, and which spells out not just revenue loss but potential business closure for the vast majority. Even a loss of data for ten days has driven many otherwise robust businesses to bankruptcy in recent years. Whether it’s a blackout or risk to IT infrastructure, the damage of these downtimes to a business, its customers and employees alike can’t be undervalued.

Downtime can be costly, and investing upfront in the ability to failover your systems in the event of a physical disaster could be the difference between business success and serious financial losses. Disaster Recovery (DRaaS) allows organisations to replicate all IT workloads and applications from public or private clouds, for both virtual and physical environments at a highly successful price point.

It only takes one incident to harm an organisation. So, a tested business continuity plan is a fundamental step to ensure lasting profitability for your business.

Future Proofing Your Operations

In today’s threat landscape, disaster recovery is an essential part of any security strategy. Focused on quickly recovering and maintaining data and crucial functions in the wake of an unplanned incident, the first step of any DR strategy lies in assessing exactly which applications, servers, and types of data are most important.

In short, CISOs need to make sure their disaster recovery plans are synchronised with their business’s priorities and engage all departments in deciding what these are. Risk assessment is vital: IT managers and their teams are obliged to evaluate the risk of data loss and the impact that any given incident can have on the organisation in both the short term and the long term. Many organisations can ensure they are prepared for an incident by regularly backing up their systems and data across the cloud and in air-gapped copies, leveraging automation where possible. Companies utilise different types of data protection products (backup and recovery software, mirrors, and replicas) alongside disaster recovery tactics to ensure data recovery in case any failure happens.

Factoring in the Physical

Businesses need to prepare themselves for the worst, and IT teams bear that strain. Proactively seeking out trusted partners and investing in a managed DR service before disaster strikes allows businesses to ensure business continuity and peace of mind, even at the worst moments.

The consequences of climate change are being felt globally and these physical threats to business continuity are becoming impossible for IT teams to ignore. The new laws around climate-related corporate disclosure should mean that UK businesses are already considering these impacts, but they need to play a growing role in recovery planning from the outset.

Be mindful of the geographic risks that your on-premises and cloud data centres may be operating in, be proactive in planning DR strategies for each disaster event that your risk assessments indicate, and be persistent in testing and refreshing your backups.