DISASTER RECOVERY FOR SMBS
seeking DR solutions that provide comprehensive strategies for data recovery, early detection, rapid response and mitigation of external and internal threats. The push from insurance companies to meet these standards is a significant factor shaping the DR landscape.” Countering cyberattacks A key part of a DR plan involves how to recover from a cyberattack. “It’s a perfect example of where cybersecurity strategy extends past just the technology,” says Neil Langridge, marketing and alliances director at e92 plus. “The implications on business continuity and IT service delivery are the first step. Ensuring backups are available, processes are planned for utilising trusted third suppliers for analysis and remediation and restoring systems once fully clean from any malware or attackers is essential. “Then there are the next stages in wider business implications – encompassing legal obligations to notify regulatory bodies such as the ICO in the event of data breach, or communications with customers in the event of their information being impacted!” Extending responsibilities Neil notes that an organisation’s responsibilities now often extend beyond their own network, infrastructure and customer base. “Firstly, supply chain networks are rising in popularity with bad actors as the potential damage can be significantly extended from one breach – API connections, shared infrastructure and managed services massively increasing the
potential exposure. All disaster recovery plans need to include the potential impact on the wider supply chain. “Secondly, one of the biggest growth areas in cybersecurity is attack surface management. As with all DR plans, the hard work comes in planning for the event, and building in the right prevention to ensure the plans is never needed! The edge of the network is now every user and device – that extends to the social media profiles of senior executives that could be compromised in the event of targeted attack, to cloud services the marketing team are leveraging that could involve customer profiling information that uses PII, and so comes under the remit of GDPR. The definition of what IT are now responsible for – or can support – has radically changed. The castle walls of the
Quentin Simmons senior forensic digital investigator
esentire.com
network are no longer the perimeter. “VARs and MSPs need to work with
customers to ensure all business continuity and DR plans encompass all these factors, as responsibility now extends far beyond the traditional corporate network as businesses become digitally integrated with customers, partners and suppliers.” Durgan Cooper, CETSAT chairman, notes that while recovering data after a cyberattack is a critical aspect of DR, it’s far from the whole picture. “Businesses must also prepare for physical damage to infrastructure, power outages and even human error, which can all lead to significant operational downtime,” he says. “The goal of DR is to restore not just data, but also critical business operations and services as quickly as possible. This involves a holistic approach that considers all potential threats.”
John Murray CTO
virtualdcs.co.uk
“
As with all DR plans, the hard work comes in planning for the event, and building in the
right prevention to ensure the plans is never needed!
”
CONTINUED
www.newsinthechannel.co.uk
37 47
Powered by FlippingBook