Everyone can recognize a disaster when they see one. But when it comes to data protection, a cyber-disaster—a ransomware attack that encrypts your data or malware that locks up your systems, for example—is very different from a natural disaster. Both can have significant impacts, though. There have been 18 weather/climate disaster events that have affected the United States through Oct. 8, 2021, with losses exceeding $1 billion each. Wildfires, hurricanes, and winter storms do real damage, and of those billions, at least some of those costs were borne by businesses fighting to survive.
data breach costs rose to $4.24 million, the highest average total in the report's history. Ransomware attacks were the most expensive, at an average of $4.62 million each, and 85 percent of breaches involved the human element.Then there’s cybercrime. According to the Ponemon Institute’s Cost of a Data Breach Report 2021,
We've made our point. Both kinds of disasters are disastrous for businesses. But what's critical is recovery. The question is, does it matter how you think about recovery, regardless of whether you experience a natural disaster or a malicious attack? Let’s look at the reasons we believe it does.
Recovery vs. Survival
Disaster recovery (DR) has one purpose: get your business back up and running while keeping data—and dollar—losses to a minimum. Cyber-recovery is about your business’s very survival, focusing on maintaining the minimum data, applications, and infrastructure that are essential for keeping things moving. That translates into prioritizing speed and availability for DR, while cyber-recovery focuses on security and data integrity.
Cyber-Recovery Starts With 3-2-1-1
Getting back in business after a cyberattack demands a new approach to backups. In a recent Executive Brief, IDC says it's time for a fresh take on the old 3-2-1 rule. The essence of the rule still holds. You should have three copies of your data—your primary storage and two backups stored locally on two formats (NAS, tape, or local drives). One copy should be stored offsite, in the cloud or secure storage. For the most part, that should provide the protection you need from natural disasters. The extra “1” in 3-2-1-1 represents immutable storage. And that’s the key to cyber-recovery.
Immutability is when data is converted to a write-once, read many times format that can't be altered. Immutable storage comes into play when we're talking about cyber-recovery because, unlike data encryption, there is no key, so there should be no way to reverse the immutability. Put simply, ransomware can't infect immutable files. IDC says that when paired with continuous data protection that captures data on each write, at intervals measured in seconds, immutability gives you the ability to get your data back, unaltered, within minutes of a breach. Of course, good restore and recovery practices are just as critical.
Look To the Cloud for Survival
Every aspect of the 3-2-1-1 rules applies to natural disasters. But these events can take out entire cities and even states—think the great Texas freeze of winter 2020. Just imagine how costly that downtime must have been for affected businesses. That’s why it makes sense to store one of your “2” backups in the cloud. Cloud-based backup and disaster recovery solutions protect on-premises systems and data, and you can access cloud data anywhere, anytime. With disaster recovery as a service (DRaaS), you also get offsite disaster recovery capabilities, including everything from file and folder recovery and machine virtualization to instant failover of an entire site and network.
Be Prepared for Every Disaster
While the causes and impacts may differ between natural and cyber-disasters, the bottom line is that your business gets hurt. The best way to minimize and mitigate the damage is preparation. If you'd like to get expert help in understanding your options for recovering from any disaster, talk to a StorageCraft recovery expert.
You May Also Like
- Backup and Disaster Recovery Channel: MSPs / VARs / SIsMay 26th, 2022
- Channel: MSPs / VARs / SIsMay 25th, 2022
- CybersecurityMay 24th, 2022