Reinforcing Cyber Resiliency

By CIOReview | Friday, May 18, 2018
121
237
47

Understanding Protection Requirements for Business

In order to protect the firm/enterprise, one must have the complete understanding of the business. If any work happening on the system offers any value to the organization, it requires protection. To determine these values requires an understanding of the company's main functions that keep the business going. Following this, businesses need to identify the main risks as far as availability, confidentiality, and integrity are concerned. Approach your backup systems with a business mindset.

Approaching Backup Systems with a Business Mindset

What would happen if a malware attack could prevent developers from accessing their work? How long could an organization stay in business? Backups could be the temporary answer to this problem as they are not just there in case someone deletes something, after all. Backups and disaster recovery have been readily accepted as a part of the environmental company’s plan for dealing with ransomware. Currently, if hackers attack, organizations tend to shut down that environment and move to the next environment called as warm backup. This allows the organizations to get back up and running within a relatively short period of time in terms of disaster recovery. Although data consultants can help with this work, security teams often hire outside consultants. The third parties look at a specific application, and they do an application assessment—looking at bits and pieces, but never understanding the end-to-end business processes.

Looking Beyond Security for Resiliency

Companies know their data best, which systems are most important, what is the affordable downtime, where does the data move, and where does it exist. As third parties cannot overview day-to-day activities, the only way they understand a company’s priorities is through its employees. Building resiliency across the entire organization takes everyone, including the non-security colleagues.

The finance people have been in control of people’s data for a number of years. They actually knew how to look at the transaction logs, which security initiatives never really embraced. Owing to such conditions, there is a level of control that organizations need to focus on outside of what was typically done as IT professionals.