Ransomware risks and business continuity essentials

Regardless of where you get your news, reports of data-related business outages and the subsequent damage to credibility are becoming increasingly common. From high-profile data breaches to increasingly audacious ransomware attacks on public and private organisations at all levels, data management has become a mainstream and highly visible topic.

According to the CSA’s Singapore Cyber Landscape 2022 report, cybersecurity vendors reported a 13% increase in ransomware incidents worldwide in 2022. It has also been reported that organisations in the Asia-Pacific region are prime targets for cybercriminals, with their ransomware pay rate being higher than the global average at 18.9%.

Factors in operational resilience

Today, data security, accessibility, and management are the most significant aspects of reputational risk to any organisation. For government bodies, healthcare providers, or any business responsible for the secure stewardship of personal, identifiable data, it is even more critical.

However, consideration of reputational risk is only one factor in the wider business imperative to ensure ‘operational resilience.’

Operational resilience refers to the ability of businesses to prevent and recover from disruptions to their critical business operations. Strong operational resilience is essential for the stability and reliability of any business, as it ensures organisations can continue providing essential services to their clients, even in the face of major disruptions.

With the increasingly prevalent combination of on-premises and multi-cloud hybrid environments for business-critical operational data comes an increased risk of disruption. Only a relatively small portion of the critical workloads running in the public cloud today are designed with such disruption in mind. Many are simply legacy applications that have been “lifted and shifted” to the cloud, meaning very few applications have built-in tolerance for a major outage, such as the loss of a complete availability zone.

This topic is now a top priority for all our customers during my conversations with them. To achieve operational resilience, companies must ask themselves two questions: First, how do we protect our data? And second, how do we more completely detect preventable elements, like ransomware attacks?

Navigating the threat landscape

While human error will always be a risk factor, all companies must also face the simple truth: A ransomware attack will happen. As cloud adoption continues to accelerate, the associated risks also increase. It’s essential for modern IT organisations to adopt solutions that are flexible and capable of efficiently managing and safeguarding data across various environments.

Early detection of ransomware will further secure an organisation, but only when combined with a comprehensive response plan that is regularly tested, rehearsed, and continually communicated to all stakeholders.

Regarding the stress testing of these plans, many companies possess a combination of tools, solutions, and strategies that remain untested until a breach occurs. These then fail at the point of a breach. The key strategy is to invest in being able to test the plan on an ongoing basis. This isn’t a case of a ‘one-off’ – it should be a living process, capable of adapting to react to the rapidly shifting shape of the new cyberthreats.

Business continuity plan

To ensure successful operational resilience in the face of ransomware attacks, businesses should:

  1. Implement robust risk-management processes to identify and assess potential ransomware attacks and develop strategies to prevent or mitigate them.
  2. Develop and regularly test contingency plans to ensure their business can continue providing essential services should an attack take place.
  3. Invest in redundant and resilient IT systems to reduce the likelihood of disruptions following an attack and improve the business’s ability to recover from it.
  4. Regularly train and retrain staff and all service-providing third parties on operational-resilience procedures in the face of an attack. Too often, key outsourcing partners do not receive updates to critical communication procedures.
  5. Regularly rehearse the plan with drills and exercises to test IT operational resilience processes and identify areas for improvement. These must be done with employees and service providers. Ensuring everyone knows the plan, as well as their roles and responsibilities during an attack, is the most regularly overlooked factor in building operational resiliency.
  6. Work closely with regulators and industry organisations to stay up to date on best practices and emerging threats.

Adapting to new cybersecurity challenges

Within organisations impacted by ransomware attacks, there is often a rush to attribute blame. Who is responsible for this breach? Blame is frequently placed on the CIO and CTO; even CEOs can be held accountable. However, the root cause of operational resilience breakdown is often a failure of communication, either internally between business units or functional groups, or more commonly, where planned processes have not been sufficiently tested or updated with key IT outsourcers or service providers.

With increasing reliance on public cloud services for business-critical operations, executives also need to be clear on which security capabilities are provided as part of their cloud service agreements, and which remain their own responsibility.

In reality, all parties are somewhat to blame. So, in the face of a cyber breach, whether malicious or accidental, organisations need to act together as a team. Only when everyone comes together to implement a well-rehearsed recovery plan can operational resiliency truly be maintained and business risk minimised.

In 2024, new technologies will come into play. AI can already assist the process through anomaly detection and malware screening. It can also take on some operations and make them autonomous, in some cases relieving skills gaps within overstretched IT departments. However, AI isn’t the silver bullet: as businesses use it more, so do the criminals. It’s a never-ending battle.