Here’s an alarming statistic: More than 80% of organizations have suffered a material cybersecurity breach recently, over half of them within the last year.
Today’s cyber attacks are more sophisticated and difficult to repel than ever, especially in light of advances in artificial intelligence (AI). The proliferation of software-as-a-service (SaaS) and cloud applications, remote work, and mobile devices also presents more opportunities for security breaches. Misconfigured systems, open permissions for long-departed employees, and insufficiently secure networks can all make organizations vulnerable.
The question is not if you will experience a breach, or even when, but how often. You must assume you will—or already have.
Fostering Cyber Resilience
Unfortunately, too many organizations are unprepared for this new reality. More than half of the 1,000 global cybersecurity and IT leaders Commvault and GigaOm surveyed in the first-ever Cyber Recovery Readiness Report say they are not completely confident they could recover systems and data following a major cybersecurity incident.
This can be devastating to a company’s reputation and bottom line. The average cost of recovering from a ransomware attack—not including any ransom payments—is almost $3 million, according to Sophos’s 2024 State of Ransomware report.
In this challenging environment, organizations must make cyber defense and recovery priorities. Yet leaders may struggle with the best way to accomplish that.
To clarify which actions are most effective, Commvault analyzed the most cyber-resilient organizations and identified five markers they all have:
1. Security tools for early warnings. Not all attacks are preventable, but early detection is critical to acting quickly, which minimizes downtime and damage to data. Tools like Security Information and Event Management, User and Entity Behavior Analytics, and Endpoint Detection and Response can give early warning of internal and external threats.
2. A secure recovery space that’s set up and ready to go. Access to a recovery environment, such as a clean room, is essential to ensure business continuity and data integrity. This site should be isolated from primary systems to keep out viruses and malware and to reduce downtime when the recovery system takes over. Testing this clean room regularly for recovery readiness is essential to ensure it functions as expected.
3. An isolated environment for backup storage. Cyber-resilient operations keep an air-gapped copy of their data, physically isolated from the internet and internal systems. This protects backup storage from both internal and external attacks and ensures access to clean, reliable data for recovery efforts in case systems are corrupted or data is lost or compromised.
4. Defined runbooks, roles, and processes for incident response. A disturbing 42% of organizations in the survey said they lacked a clear understanding of who was in charge of cyber resilience and recovery efforts. The lack of a coordinated response leaves organizations vulnerable and at risk of losing valuable time during an attack, potentially causing more losses, damage, and downtime.
Cyber-resilient organizations have developed and tested step-by-step runbooks for different kinds of incidents, and they have defined roles and responsibilities for each team member. These synchronized efforts support business continuity and hasten recovery.
6. Specific metrics for cyber recovery readiness and risk. Benchmarks and tests help organizations accurately assess their ability to address and recover from cyber incidents as well as the risks they are most likely to face. Regular risk assessments and drills can provide valuable insight into the effectiveness of recovery plans and identify potential vulnerabilities.
These metrics are especially critical for maintaining cyber resilience as new risks emerge and attack strategies evolve.
A New Standard for Cyber Readiness
Organizations that have at least four of these five markers report fewer cybersecurity breaches and faster recovery times.
By following their lead, your organization can prepare to defend its digital infrastructure and assets against cyber attacks.
The dynamic technology and threat landscape requires a new approach to cybersecurity that prioritizes recovery. After a breach, employing the right practices can help keep your organization’s most important data safe—and get you back to business as quickly as possible.
Download Commvault’s 2024 Cyber Recovery Readiness Report and put your organization on the road to cyber maturity.