Cyber attacks are on the rise… It’s not a matter of if but when.
This past year, we’ve seen a range of cyber attacks affecting everything from Yahoo! to the MUNI in San Francisco to the Presidential election. Systems and organizations that we thought were foolproof fell victim to malware and security breaches. Organizations shelled out millions of dollars in response to ransomware attacks to be able to continue operations. You may recall Todd Scallan’s blog post, “Why Disaster Recovery Isn’t Resilience“, which highlighted that when it comes to cyber attacks, it’s not a matter of if but when.
Cybersecurity is still top of mind for CIO spend to help curb the risk the business has when it comes to cyber threats. But strong cybersecurity practices really isn’t the silver bullet. There needs to be combination of both good cyber practices, good OpSec practices, and a strong response in place to ensure business operations are not severely impacted following an attack.
Resilient, agile IT starts with backup and disaster recovery.
Backup and disaster recovery solutions aren’t the sexiest IT investments that leaders can make, but they are some of the most important. It’s true that in many cases, these solutions sit idle until someone needs to recover an email or file they actually deleted. But think about what would happen if your business was hit over the weekend with a ransomware attack like Cryptolocker? Would your current backup solutions be able to recover the data? Would your current DR solutions be able to bring operations back online to minimize the cost of the outage associated with a cyber attack?
For a lot of businesses, this isn’t the case. Their investments in DR and backup were not modernized alongside their other applications, leaving them helpless in response to cyber attacks. Hollywood Presbyterian Medical Center in Los Angeles ended up paying a $17,000 ransom to a hacker who seized controls of their systems. While $17,000 may not seem like much, imagine if the hacker demanded a higher ransom — or imagine if patients had to go without care for hours or days due to lack of operational systems. There could have been incredibly steep impacts as a result of not having a strong backup and DR solution in place.
There are two objectives that most people think about when it comes to backup and DR solutions:
- Recovery Point Objective (RPO): This refers to how often the system is taking a backup of the data. It also can be thought of as the amount of data that could potentially be lost as a result of a cyber attack. An RPO of 8 hours, for instance, would take a backup of a given dataset three times a day, let’s say midnight, 8 AM, and 4 PM. If that business was hit with a ransomware attack like Cryptolocker right at 3:59 PM, that business could potentially lose the last 8 hours worth of data.
- Recovery Time Objective (RTO): This refers to the amount of time it takes to recover a data following a disruption. For businesses using tapes, RTOs can be in days or even weeks depending on the logistics of locating and rebuilding the tapes. Recovering data from a backup also doesn’t constitute disaster recovery. That data, once recovered, needs to be given back to the systems and applications that use that data. For DR, the RTO refers to the amount of time it takes before users can access and use their systems and applications following a disruption.
Using the cloud for DR: quick, efficient, reliable.
It may not be easy for your organization to begin shifting budgets right away to begin modernizing your backup and DR solutions for your entire datacenter. With legacy backup and DR solutions, you’re often looking at having to invest a lot of upfront CapEx to buy hardware and then pay another vendor for the software licensing to replicate and protect that data. And to truly have DR and data protection, you’ll also need to make sure that the replicated copies of data reside at a different geographical location from the production data to protect against things like power outages and natural disasters. For businesses without multiple data centers, this might require leasing data center space somewhere or using a colocation facility, which quickly adds up in OpEx costs.
But you don’t have to do everything at once… And it doesn’t need to take days or weeks to get something in place to protect your data. The cloud has really become a great way to implement quick, efficient, and reliable DR and data protection for your applications. Disaster Recovery as a Service (DRaaS) solutions, like Axcient Fusion, can be spun up quickly and you can start with a subset of your overall environment — ensuring that your most critical applications and data are going to be protected in the event of an attack.
Give yourself the gift of peace of mind with Axcient Fusion.
At Axcient, we don’t want the fear of cyber, ransomware, and malware attacks to impact your holiday season. That’s why we want to offer you with one of the best gifts you could have: peace of mind. We’ve been protecting businesses all over the world for the past 9 years. You can even hear from All Natural how they were able to rapidly recover their business following a Cryptolocker attack.
Remember when we mentioned before that the cloud could quickly be used to implement DR and data protection for your business? What if you could implement a solution just in time for the holidays? ESG Lab recently performed an independent validation of our solution, Fusion, and found that it could be setup and deployed in just 10 minutes — meaning that you can literally have DR and backup for your applications in the amount of time it takes for you to run and get a cup of coffee. Not to mention, Fusion provides 1-hour RPOs and RTOs for all your applications.