How confident are you that your business will continue to operate in the event of a cyberattack? How would you recover? What would be the impact?

IT security and business continuity leaders often face these questions from their chief executives or boards. In all likelihood, they ask themselves the same questions. A strong cyber resilience strategy that provides a unified approach, combining cybersecurity with data protection and disaster recovery methods, can help businesses protect against and rapidly recover from disruptive cyber incidents.

In September 2020, a crippling malware attack brought down the computer systems of one of the largest hospital chains in the United States. The company had to shut down all remaining systems used for medical records, laboratories and pharmacies across nearly 250 facilities to prevent further spread of the malware. It also had to cancel surgeries and divert ambulances, while its healthcare workers switched to paper records for patients.

Around the same time, a hacker released private and confidential information on students after school district officials refused to pay ransom in return for unlocking district computer servers he had hacked into and encrypted.

Such breaches could happen to large enterprises, even those with robust security technologies in place. Today’s malware can affect systems and networks even if they seem fully patched, leading to high financial costs. For example, in April 2020 a multinational IT services company confirmed that its network was hit with Maze ransomware that encrypted its servers, disabled tools used to automate and provision devices, and inhibited work-from-home capabilities. The initial financial impact to the company was estimated to be in the range of $50 million to $70 million.

According to a recent survey by IDC, the average cost of downtime exceeds $200,000 per hour. This cost estimate includes actual loss of revenue and cost of recovery, but doesn’t include regulatory penalties, loss of reputation and long-term brand damage.

Managing complex challenges and risks

Most cybersecurity programs continue to be hamstrung by organizations’ traditional perspective of investing in prevention technologies. This is largely due to their inability to fully evaluate the complex landscape of risks and threats – often manifested in deployment of multiple point solutions that generally have a shorter shelf life. This challenge can be aggravated by the unintended vulnerabilities created by digital transformation, IoT adoption and hyper-convergence.

A large number of organizations still have aging infrastructures and processes, which makes it challenging to segment their critical workloads from other workloads using legacy network infrastructure. While many organizations have business continuity and disaster recovery plans, their existing configurations may not allow for easy recovery because they were not designed to be resilient against destructive cyberattacks. In addition, existing incident response plans and playbooks may not be effective against evolving cyber threats.

And it doesn’t stop there. Let’s look at some of the other risks and challenges:

  • Cloud migration: The trend of workload migration to cloud is rapid and pervasive. But most organizations face challenges understanding dependencies and prioritizing what data and workloads to protect.
  • Shadow IT: The pressure for innovation and faster time to market, BYOD and the simplicity and agility of public cloud experience, coupled with legacy central IT procurement processes, fuel increased use of shadow IT.
  • Shortage of skills: Many recent studies point to a worsening cybersecurity skills shortage that may impact business and government organizations globally.
  • Organizational silos: Cybersecurity, business continuity and the teams that own systems and applications are siloed and have difficulty collaborating to solve critical problems.
  • Boardroom sponsorship: While the board needs access to cyber expertise for budget allocation and risk oversight and governance, security and business continuity leaders often struggle to translate IT risks into a business language the board understands.

Why build resilience?

Cybersecurity technologies have evolved by leaps and bounds during the past few years. We are getting better at securing our network perimeters, and threat intelligence today is powered by AI and machine learning. But adversaries are now as equipped and resourceful as legitimate business organizations – and they only need to get it right once, while we need to be right all the time. In the recent IDC survey, 73% of respondents indicated that they had experienced major security breaches of their IaaS environments in the past two years that involved the spending of significant extra resources to rectify. In fact, the median number of breaches in that time frame was 2.0.

With attacks becoming more malicious and techniques more advanced, the strategies and plans to mitigate the impacts of such attacks must also change. Businesses need new technologies and practices to survive and adapt to today’s cyber outage scenarios. Traditional recovery plans must change to support these new scenarios, and it will require new thinking and teaming between disaster recovery and security teams.

As IT and information security executives struggle to determine the appropriate technology areas to spend their limited budgets on, it is imperative that they take a holistic view of IT risks and build a robust cyber resilience program to keep their business processes and operations functional during and after a cyberattack. With a cyber-resilient environment, IT can be at the forefront of fostering relationships with business leaders and partnering with them to confidently drive their digital transformation journey forward.

Minimize the business impact of a cyberattack by recovering quickly with an orchestrated resilience approach.
