Want IT resiliency? Stop the see-saw of imbalanced attention

As cyber threats continue to grow among companies with sensitive data, IT must take a holistic approach to managing and mitigating these threats. Here’s how to bridge preventative and restorative measures for IT resiliency.

balance - measure - comparison - risk assessment

What keeps IT leaders up at night? The answer is almost unanimous: security threats. Companies spend upwards of 10% of their IT budgets on security, yet the poor CIO still cannot sleep at night. Spending too much trying to prevent a cyber threat to the detriment of your restorative measures can leave you feeling like the little kid whose older (and heavier) brother keeps your end of the see-saw from coming back down (not that that ever happened to me)!

As cyber threats to business continuity grow ever more prevalent among companies with sensitive data, business leadership and IT may have the gut reaction to focus additional attention on warding off these threats. However, this tendency to prevent, rather than to shore up restorative practices, is leading to a major imbalance in the marketplace when it comes to IT resiliency—something cybercriminals will continue to exploit. To achieve true data and operational resiliency, IT departments must, instead, take a holistic approach to managing and mitigating cyber threats. But what does this exactly look like?

Two halves of the equation

Prevention may seem the obvious choice when businesses around you are being bombarded with disruptions. This is not to say these measures aren’t of paramount importance; they’re just not the only important aspect that needs attention. The often-forgotten aspect of resiliency is the restorative strategy—which acts as a Plan B should an event occur. It gives your company the ability to recover data and return operations to normal again, minimizing the impacts of a cyber breach.

Given that no preventative solution can be 100% effective when all it takes is one wrong click to invite an intrusion, businesses must start taking extra precautions to ensure their crown jewels aren’t lost in a breach scenario. This is why many experts are now advocating for a 2-pronged approach: a balanced attention and investment in preventative AND restorative strategies. When a cybercriminal makes it past the first line of defense (prevention), there must be a secondary plan (restoration) to recover quickly and effectively from a breach.

The problem is that imbalanced attention on prevention is not a rare occurrence – it’s becoming a pervasive issue among organizations. In a 2017 survey from IDG Research and Bluelock, 59% of respondents claimed they focus more on preventative measures, while only 41% emphasized restoratives measures more. But, 51% of these same survey participants also claimed “ransomware” and “human error/missed protocol” as their organizations’ largest security threats – two things that depend upon recovery-focused solutions like IT disaster recovery and backups to resolve.

When end-to-end risk mitigation is not prioritized, this opens your business up for security events and data loss. Cybersecurity breaches have many of the same impacts on reputation and bottom line as weather events and power outages, so IT teams must dedicate a holistic attention for resolution. But sometimes it can be hard to truly understand your IT stance and get buy-in from company leadership. For this reason, my company has created a self-assessment guide to help others understand their existing risk posture and know what options can be taken to improve a resiliency strategy.

Another key consideration…if a security incident does occur, how will your IT team know? This is why, as a bridge between preventative and restorative solutions, you must also have a detection solution to monitor, scan and notify you of any fishy behavior. Keeping “eyes on the screen” at all times is something most companies cannot afford the staff to do, yet that level of vigilance is what it takes.

Many companies are turning to third-party providers who are skilled at separating “the signal from the noise” and identifying threats that may be dormant in their systems.

IT resiliency depends upon proactivity

In the end, it’s critical to give detailed attention not just to the figurative body guards of your IT systems, but also plan for scenarios where something gets by. Companies should be testing their preventative and restorative solutions on a continual basis, upgrading firewall and antivirus technologies, and cross-checking their user logs. There should also be a well-documented and regularly-updated playbook of who does what when disaster strikes.

Cybercriminals are getting more sophisticated every year, so staying ahead of the curve now means businesses must embrace a proactive culture. Of course, this most often occurs with a top-down mindset shift, so leadership backing is the biggest key to success.

Response to a cyber-attack should be added to your Disaster Recovering testing scenarios (you are testing your DR, right?). Your Information Incident Response Plan should be tested and updated at least twice a year, including testing of your restorative measures.  

Restorative strategies have transformed significantly in the past five years in terms of innovation, effectiveness and cost, so these solutions might be something to explore as an investment for your business. Have a conversation with your organization’s executive leadership about what the long-term objectives are surrounding IT availability and service to customers. Does your existing IT plan help to enable these objectives? If not, then discuss what can be done to help get there.

Copyright © 2018 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.