Since the beginning of the pandemic, IT departments have sharpened their collective focus on cybersecurity. They’ve doubled down on protective measures to stop hackers from stealing data and launching record numbers of ransomware attacks. In the process, many may have taken their eyes off other threats that can cause just as much damage as a cyberattack.
Human error remains the most common cause of data loss. Studies show that corporations lose nearly five times the amount of data through accidental deletions and overwrites as they do from malicious incidents. Accidental configuration, application and user administration errors also can crash systems, delete data and cause costly outages.
Natural disasters are a growing problem. According to the recent UN Asia-Pacific Disaster Report 2021, these have been exacerbated by the persistent threat of COVID-19 which has merged with natural hazards, made worse by climate change, to reshape and expand the disaster “riskscape” in Asia and the Pacific. The UN study also called for a “paradigm shift” from managing disasters to investing in prevention and the building of resilience.
While increased attention to cyberattacks is warranted, organizations need to reprioritize their disaster recovery (DR) strategies to meet the real threat landscape we see today. They need to invest in employee training, automate functions in the DR process, and make sure DR plans and processes are ready to handle sudden, unforeseen incidents that threaten their business continuity.
APAC faces critical data recovery challenge
If they don’t, their operations will suffer. According to one study, 94% of companies globally that experienced a catastrophic data loss don’t survive; 43% never reopen and 51% shut down within two years. Those that do stay in business lose $84,650 per hour in lost revenue and productivity, according to Veeam’s 2021 Data Protection Report.
The report also dived into the views of more than 1,715 Asia Pacific organizations to understand how they approached data protection. Asia Pacific businesses reported that 56% of their data could not be recovered because of failed backup and recovery operations.
Can businesses truly afford to only recover half of their critical data in the event of downtime? While 82% of all organizations in the region recognized that they have an “Availability Gap” between how fast they can recover applications versus how fast they need applications to be recovered.
This must change, and employee training is a good place to start. Any organization that didn’t implement a new round of cybersecurity training for workers during the pandemic should make this a top priority. This should include usual best practices ranging from following incident notification procedures to selecting strong passwords to avoid phishing scams.
But training should extend to IT operators, as well. Configuration errors can be reduced by following a series of best practices. These include creating a single configuration source, providing an easy way to track configuration changes, and using DNS Service Names for all services.
Because there’s no way to test every conceivable condition, application errors will occur. But reviewing and upgrading testing procedures regularly can lead to improved performance and reduce the number of careless errors in everyday practice.
Priority to automate and streamline DR
Automation should be a top priority coming out of the pandemic. Not only does it reduce human errors in everyday processes – it gives staff more time to perform more strategic, higher-level tasks. This is just as true for IT as it is for those in the office.
Organizations increased their investments in automation technologies over the past two years, and they should continue to do so – to enhance productivity and provide higher levels of security.
Automating the disaster recovery process can save time and improve overall response. Today’s applications and data sets are larger and more complex, distributed, and interdependent than ever. This renders the successful recovery of even a single application — not to mention entire sites — incredibly difficult, making orchestration of recovery processes an indispensable tool.
Given the high stakes, now is a good time for organizations to look more closely at their DR plans and procedures to make sure they’re ready to implement in a quick fashion. Here are some tips to follow:
- Check the specifics: Having a plan that’s up to date and validated for a corporation’s specific business needs is critical. Needs have probably shifted since the pandemic started. If you haven’t revisited your plan in more than a year, it should be a top priority.
- Review your documentation: Having easy-to-follow, comprehensive documents available during system restores can save time and avoid stress. These are time intensive to create and they should be continually reviewed – preferably by the people who’ll have to use the documents when it’s time to dust them off.
- Update identity accesses: With changes in service consumption, gaps have likely developed from an identity confirmation standpoint. Make sure the right people are authorized to perform critical system functions during that time-sensitive period when systems are down.
- Rethink DR/resilience plans: With increased usage of external devices, organizations should rationalize their plans to incorporate end-to-end protection, from the workforce to the endpoint.
- Ramp up testing: Test each application individually to make sure you’re meeting your key metrics – mainly the recovery time objective (RTO) and recovery point objective (RPO).
Conclusion
Cyberattacks are on the rise, and organizations need to devote significant amounts of attention to protect against them. But disasters come in different forms. To ensure they’re protected once one hits, IT departments should make sure their recovery plans and procedures are in place. Their businesses depend on it.
