What do Disaster Recovery and Business Continuity have to do with Cybersecurity?

In honor of National Cybersecurity Awareness month, Sayers will be releasing a series of short videos focused on various cybersecurity topics. In this episode, I’d like to provide you with some quick information about Disaster Recovery and Business Continuity.

With that in mind, you may be asking yourself:

“What do Disaster Recovery and Business Continuity have to do with Cybersecurity?”

Well, having a robust Disaster Recovery program in place is absolutely your best defense against a ransomware attack.  Even if your corporate policy is simply to pay the ransom if your company is attacked, there’s no guarantee that the bad actors that attacked you will actually restore your data properly. In many cases the ransomware attackers will leave your data in a degraded or unusable state even after they’ve supposedly given you control over it.  Even worse, there’s a growing trend of attackers coming back and re-ransoming the same company multiple times because it’s so easy to do if the software they used in their attack isn’t completely sanitized.

Your company may have redundant, high-availability architecture in place that rapidly duplicates data to multiple sites to protect you from downtime. This type of architecture is excellent protection against day-to-day hazards that may cause system outages. However, in the case of a ransomware attack, that high-speed duplication can actually work against you by allowing the ransomware infection to spread more quickly through your environment.  All the redundancy in the world won’t protect you from last week’s data corruption, or help you recover from last month’s initial infection with ransomware.

In any case, the best defense for your company’s data is to have a mature Disaster Recovery program in place that protects 100% of it.  At a minimum, 100% of your data should be backed up, data should be recoverable to specific points in time in the past, backups should be stored in an immutable state so that they can not be altered, and data recovery should be tested at least annually to ensure that it will work when you need it. 

Ideally, this is all a part of your corporate policy, the data recovery testing happens multiple times per year with different types of data, and different staff members executing the tests to increase everyone’s familiarity with the process.

Sayers can help with maturing all aspects of your Disaster Recovery program, and help you make sure you’re better protected from Ransomware. If you would like to learn more about Sayers and our service offerings, please visit www.sayers.com. That’s all for this episode. Thank you.