Three Common Cyber Resilience Mistakes Companies Make (and How to Fix Them)

By Byron Horn-Botha, Business Unit Head, Arcserve Southern Africa

With the growth of AI and more sophisticated attack methods, cyber threats continue to evolve, posing a significant risk to your business, regardless of its size or the industry you’re in. 

The consequences of a cyberattack can be devastating: The global average total cost of a data breach is $4.35 million, according to the IBM Cost of a Data Breach 2022 report. The stakes are even higher regarding ransomware, with the same report finding that the average cost of a destructive ransomware attack is $5.12 million.

How can you defend your business against these threats? We recommend that you embrace the five pillars of cyber resilience: 

• Identify
• Protect
• Detect
• Respond
• Recover

While these pillars provide a comprehensive framework for navigating today’s challenges, many organizations continue to make three common mistakes that leave them vulnerable to cyber threats. Let’s go through those mistakes—and what you can do about them.

1. Underestimating the Value of Digital Assets and Data

One of the most critical errors your company may make regarding cyber resilience is failing to recognize just how valuable your digital assets are to your organization. You need to fully understand the value of those assets, including your organization’s intellectual property (IP), customer data, and other proprietary information. A lack of awareness may lead to inadequate protection measures, such as weak passwords, unpatched or outdated software, and insufficient access controls. That exposes your organization to threats.

With the world’s increasing reliance on digital technologies and data-driven decision-making, digital assets have become more valuable than ever. That makes them an even bigger target for the bad guys. Cybercriminals constantly seek to exploit high-value data and digital assets for financial gain or to disrupt business operations. 

That’s why you need to conduct thorough risk assessments to identify your most critical assets and data, understand your vulnerabilities, and implement robust security measures to strengthen them. These measures should include regularly monitoring, patching, and updating of systems and software and implementing effective authentication mechanisms, like multi-factor authentication (MFA) and encryption protocols.

While these protocols may be routine for large organizations, many small and midsize companies still have legacy applications running on outdated operating systems from Windows. This can lead to a data resilience gap in your company’s strategy. It can also present a real risk if your backup vendor can’t support those outdated operating systems. 

That’s why it’s essential to assess how many legacy applications you have running on older operating systems and whether they can be backed up. If they can’t be backed up, you must address the problem, or your data will continue to be at risk.

2. Lack of Third-Party Risk Management Controls

If your company is like most, you rely on third-party vendors, suppliers, and service providers to support their operations. Dark Reading says that the average organization does business with 11 third parties, and 98 percent do business with a third party that has suffered a breach. These external partners often have access to critical systems, data, and networks. But not all third parties have a strong cybersecurity posture, as the Dark Reading numbers clearly illustrate. 

That’s why you need to thoroughly assess their third-party partners’ cybersecurity position and ensure they adhere to the same security standards and protocols as their own. Because their vulnerabilities offer a potential entry point for cyberattacks on your systems, you should conduct comprehensive due diligence on third-party vendors, assess their cybersecurity capabilities, and establish robust contracts and agreements that clearly define your security expectations and everyone’s responsibilities. You should also regularly monitor and audit your third-party providers’ cybersecurity practices to ensure ongoing compliance.

These third-party risks are especially acute for organizations operating in a hybrid cloud environment. That’s because supporting disparate cloud platforms and ensuring they work well together can be complex, and it can open up security gaps. You should address these gaps with an adequate data protection and recovery strategy for your hybrid cloud environment. That includes choosing a cloud storage solution that offers continuous snapshots, multiple recovery points, and security controls for private, public, and SaaS environments.

3. Inadequate Testing of Disaster Recovery Plans

Your company may invest significant resources in developing disaster recovery plans to mitigate the impact of cyberattacks. But if you don’t adequately test and update your plans, you won’t be prepared to respond effectively to real-world cyber incidents. Disaster recovery strategies are only effective if regularly tested, refined, and updated based on evolving cyber threats and changing business needs.

That’s why you need to conduct regular tabletop exercises and simulated cyberattack scenarios to test the effectiveness of your disaster recovery plans. These exercises can help you identify gaps and weaknesses in your plans and drive necessary adjustments. You should also conduct post-incident reviews after any cyber incident to assess the effectiveness of your response and identify areas for improvement. This feedback loop is critical for continuously improving the incident-response capabilities of your organization and ensuring that your plans remain effective and relevant.

Get Expert Data Resilience Guidance

Arcserve’s network of technology partners brings data resilience expertise and leading data protection and disaster recovery solutions to businesses of every size, anywhere in the world. 

Find an Arcserve technology partner here. To learn more about Arcserve products, request a demo.