By David Lenz, Vice President, Asia Pacific, Arcserve
Cyberattacks now exact a massive toll on organisations, evolving rapidly in scale and sophistication. The cost of an attack to organisations extends well beyond the obvious cost of data loss to the high price of downtime, recovery and the lasting damage to reputation and brand.
The key to better preparedness for organisations involve understanding potential threats, mitigating risks, and developing strategies for recovery. Such a proactive stance can make a significant difference in the business’s ability to withstand any disaster that may strike.
Three elements to avoid disaster
The most effective approach to mitigate the cost of an attack is to invest in an orchestrated backup and recovery architecture that ensures data resilience. An architecture in place will ensure the business is prepared for any potential disaster. With a well-defined plan and the necessary tools installed, a business can minimise the impact of the disaster and continue running smoothly.
There are three vital elements that should be incorporated in any EOFY planning to shore up the organisation’s data resilience and the ability to avoid a potentially disastrous situation.
1. Testing – Numerous variables and unknowns arise during an incident. Solid backup and disaster recovery policies will prepare you for them, but only if you include a regular testing program in those policies. With DR testing, you can ascertain and document the procedures necessary to restore business operations and systems in the event of an incident. Once you’ve done that, you can validate those procedures and fix potential gaps from policy and personnel perspectives. Companies must conduct regular backup tests, whether done quarterly, annually, or concurrent with significant events like a merger, deployment of a new IT system, or employee expansion. Best practices dictate that it’s crucial to define occasions when a disaster recovery test should occur to avoid a worst-case scenario if disaster strikes.
2. Orchestration – The second aspect of resilience entails using automation to speed up end-to-end recovery. Essentially, orchestration determines the optimal sequence for bringing up various interconnected systems during a recovery. It outlines the ideal order in which you should restore systems, identifies any intermediate steps required for validation at each stage, and ensures a smooth and orderly restoration.
3. Preparedness – Consider a fire drill in an office building to draw an analogy. During the exercise an alarm alerts employees to the threat. Exit signs guide them to use the stairs instead of the elevator and gather at designated safe locations predetermined by the business. Resilience preparedness works the same way. Workers go through regular exercises to ensure everyone knows the necessary actions and execution processes in an emergency.
RPO, RTO, and allowable downtime
A comprehensive backup testing strategy should include the recovery point objective (RPO) and recovery time objective (RTO). An organisation can determine its RPO by the amount of data loss it can tolerate in case of an incident. It’s the amount of time that can pass during the incident before the quantity of data lost exceeds the tolerance deemed allowable. RPO establishes backup frequency, whether every hour, 24 hours, or seven days.
RTO, for its part, represents the time allowable to recover and restore operations to a fully functional state after an incident. Recovery is a period of disruption during which new businesses, employees, and day-to-day operations are all affected. Organisations should validate their assumptions regarding the impact of disruptions and allowable recovery time as part of their testing strategy.
To improve their data recovery capabilities and align with their acceptable downtime, organisations may need to implement more robust backup and recovery solutions and enhance disaster recovery plans that are regularly tested and updated.
Organisations that prioritise preparedness can better mitigate the negative impacts of data loss and minimise downtime, safeguarding their operations and reputation. Preparedness is crucial in determining whether an organisation will bounce back from an incident or fall flat into failure.
