Evaluating Your Cyberattack Resiliency

The Bocada Team | November 17, 2022

A cyberattack isn’t a matter of if, but when. According to Accenture’s State of Cybersecurity Report, companies experienced an average of 270 cyberattacks in 2021, a 31% increase over the prior year. Even more precarious is the impact of cloud migrations on cybersecurity readiness. The same report found that more than one-third of organizations will have most of their infrastructures in the cloud within five years. Yet one-third of individuals overseeing these migrations say security is not part of the cloud discussion.

In this world of greater IT risk, Accenture splits organizations into one of two groups: Cyber Champions and Cyber Risk Takers. Each faces cyberattacks. However, the difference is their attack resiliency. One in six attacks on Cyber Champion infrastructures breach IT systems, considerably better than one in two for Cyber Risk Takers. Further, Cyber Champions find 55% of their breaches in less than one day. Cyber Risk Takers only find 15% of breaches in this time span. Lastly, 72% of breaches have zero impact on Cyber Champions. Meanwhile only 23% of breaches have zero impact on Risk Takers.

How do you evolve your organization into being a Cyber Champion? By adopting IT infrastructure practices that proactively identify problems and safeguard critical data in the event of successful penetrations.

Gauging Your Cyber Resiliency

To identify where you are on this cyber resiliency spectrum, review the statements below:

  • We can restore our data in the event of a cyberattack.
  • We are confident that all key resources have backup protections in place.
  • We have established, automated processes to quickly remediate failed backups.
  • We use our backup operations to identify in-progress cyber-attacks.

Cyber Champions read these statements and answer “yes,” with confidence, to each of them. Those answering “no” or with any level of uncertainty fall with the Cyber Risk Takers.

Let’s look at each of these statements to better understand what helps Cyber Champions answer “yes” and be confident in their cyber resiliency.

We can restore our data in the event of a cyberattack.

At its core, this statement points to organizations that have clean backup procedures in place. This spans everything from established backup policies for different types of assets and clear data retention protocols to regularly met backup success rates.

Complete visibility over these dimensions, and having processes in place to monitor adherence, affords organizations peace of mind that data is restorable. However, this is easier said than done. Organizations with heterogeneous backup environments, as well as backups dispersed across on-prem and cloud infrastructures, are more prone to losing proper oversight.  

Cyber Champions aggregate this information on a central dashboard to remove uncertainty. They quickly benchmark how their teams and organization are performing against goals and assess if their data is restoration ready.

We are confident that all key resources have backup protections in place.

While related to the first statement, this one ups the ante.

Organizations with strong backup protections should be able to restore backed up data in a timely fashion. However, it’s still possible for these organizations to not have everything backed up. This is especially the case in fast-paced environments where dispersed teams are empowered to spin up VMs and other resources with little oversight. In this scenario, no matter how good the individual backup protocols are, valuable data isn’t in the backup job queue to begin with.

Cyber Champion organizations anticipate this and have proactive processes for identifying unprotected resources. With automated tools, they reconcile asset inventory lists against backup job logs to identify and patch data protection holes.
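
A sketch of that reconciliation, added here as an illustration and not taken from any Bocada product. The asset names, the log row layout and the two-day freshness window are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data: an asset inventory export and backup job log rows.
INVENTORY = ["db-prod-01", "web-prod-01", "VM-Analytics-07", "fileshare-02"]
JOB_LOG = [
    # (asset, finished_at, status)
    ("db-prod-01", "2022-11-16T02:10:00", "success"),
    ("web-prod-01", "2022-11-10T02:05:00", "success"),
    ("web-prod-01", "2022-11-16T02:05:00", "failed"),
    ("vm-analytics-07", "2022-11-16T03:00:00", "success"),
]


def normalize(name):
    """Inventory and backup tools often disagree on case and whitespace."""
    return name.strip().lower()


def reconcile(inventory, job_log, now, max_age=timedelta(days=2)):
    """Return (unprotected, stale) lists of inventoried assets.

    unprotected: assets that never appear in the backup job log.
    stale: assets with jobs, but no successful one within max_age (assumed).
    """
    seen, last_success = set(), {}
    for asset, finished_at, status in job_log:
        key = normalize(asset)
        seen.add(key)
        if status == "success":
            ts = datetime.fromisoformat(finished_at)
            if key not in last_success or ts > last_success[key]:
                last_success[key] = ts
    unprotected, stale = [], []
    for asset in inventory:
        key = normalize(asset)
        if key not in seen:
            unprotected.append(asset)
        elif key not in last_success or now - last_success[key] > max_age:
            stale.append(asset)
    return unprotected, stale


if __name__ == "__main__":
    now = datetime(2022, 11, 17, 9, 0, 0)
    unprotected, stale = reconcile(INVENTORY, JOB_LOG, now)
    print("No backup job at all:", unprotected)
    print("No recent successful backup:", stale)
```

Splitting the result into two lists separates resources that were never enrolled in backup from resources whose jobs exist but keep failing, which call for different follow-up.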

We have established, automated processes to quickly remediate failed backups.

Part of ensuring that data is restoration ready is keeping backups running smoothly. Behind the scenes, what this really means is regularly troubleshooting issues standing in the way of successful backups.

It’s an inevitable process that leaves data unprotected while issues get corrected. However, minimizing remediation cycles minimizes the time data is left unprotected.

Cyber Champions automate key parts of the remediation cycle—critical failure identification, ticket creation and population, ticket management, ticket closure—to shorten resolution windows and increase the chances of all data being restorable.

We use our backup operations to identify in-progress cyber-attacks.

While backing up data is often conceived of as enabling reactive data restoration in the event of a cyber-attack, there is also a place for it to take a proactive role.

Cyberattacks, especially ransomware attacks, often impact the actual bytes of data available for backup. Depending on the type of attack, it can result in an unexpected drop or increase in bytes, and therefore an unexpected change in the bytes being backed up.  

Cyber Champions have automation tools that identify unusual backup byte variances and have ways to get ahead of cyberattacks. These tools identify bad actors before other solutions do and help decrease the breach identification timeline.
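
One way to flag unusual backup byte variance, added here as an illustration and not taken from any Bocada product. The robust z-score method, the threshold of 6, the 1% spread floor and the asset names are assumptions, and the size history is constructed.

```python
from statistics import median

GB = 10**9
# Constructed sample: nightly backup sizes in bytes per asset, oldest first.
HISTORY = {
    "fileshare-02": [g * GB for g in (510, 512, 515, 513, 517, 516, 519, 742)],
    "db-prod-01": [g * GB for g in (80, 81, 80, 82, 81, 82, 83, 83)],
    "web-prod-01": [g * GB for g in (12, 12, 12, 12, 12, 12, 12, 3)],
}


def byte_variance_alert(sizes, threshold=6.0, min_history=5):
    """Score the latest backup size against the trailing baseline.

    Uses the median and median absolute deviation (MAD) so one earlier
    outlier does not distort the baseline. Returns (flagged, score);
    a positive score is a spike in bytes, a negative score is a drop.
    """
    *baseline, latest = sizes
    if len(baseline) < min_history:
        return False, 0.0  # not enough history to judge
    med = median(baseline)
    mad = median([abs(x - med) for x in baseline])
    # Floor the spread at 1% of the median (assumed) so a perfectly flat
    # history (MAD == 0) neither divides by zero nor alerts on tiny changes.
    spread = max(1.4826 * mad, 0.01 * med)
    if spread == 0:
        return latest != med, 0.0  # baseline is all zeros
    score = (latest - med) / spread
    return abs(score) >= threshold, score


def scan(history):
    """Return {asset: score} for assets whose latest backup is anomalous."""
    alerts = {}
    for asset, sizes in history.items():
        flagged, score = byte_variance_alert(sizes)
        if flagged:
            alerts[asset] = round(score, 1)
    return alerts


if __name__ == "__main__":
    for asset, score in scan(HISTORY).items():
        direction = "spike" if score > 0 else "drop"
        print(f"{asset}: unexpected {direction} in backup bytes (score {score})")
```

Both directions are scored because, as noted above, an attack can shrink or grow the bytes available for backup; a flagged job is a prompt to investigate, since legitimate bulk changes produce the same signal.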