Cyberattacks are costly, in terms of both time and money. Companies typically take 2 to 3 weeks to recover from a ransomware attack and the average ransom payout is $5.2 million. But things are changing. Increasingly, we’re seeing attacks that are purely malicious. They’re carried out with military-style software and aim to destroy data rather than command a ransom.
What best practices should your company implement to reduce risks and minimize the impact of a cyberattack? We asked François Morin, Senior Sales and Storage Specialist at IBM Canada.
We're hearing that it's no longer a question of "if" a company will be attacked, but "when." Is this true?
Yes, definitely. No company is immune, regardless of its size. Even with best practices and heightened vigilance, it's impossible to completely block out attacks. Doing so would mean working in a vacuum, without internet access. It's simply unrealistic.
What can organizations do to reduce the risk of cyberattack?
At IBM, we talk about before the boom and after - with the boom being an attack. Prevention is key. This includes implementing best practices in the areas of encryption, access management, system updates and the use of advanced detection software. And, of course, we also need to make sure that employees are aware of fraudulent practices and receive training on how to keep cybercriminals out.
When an attack occurs despite all your efforts, how can businesses minimize the damage?
Proper advance preparation is important. Ideally, the company should have a game plan that outlines how it will respond, depending on the type of attack. However, it would be a mistake to aim for a complete return to normal, since this is almost impossible to achieve. If your systems have been attacked, data may be missing. Backup recovery for all systems is extremely time-consuming and labour-intensive. According to our research, it takes organizations an average of 23 days to become functional again, with priority systems back up and running. In the interim, the long-lasting paralysis is both costly and very damaging to the brand's reputation.
What should companies aim for instead?
At IBM, our strategy is a little different from the current norm and allows us to get systems back up within a few hours, which is much faster. Our approach to protection involves using immutable backups and initially prioritizing the most critical servers. These backups are automated and stored in inaccessible vaults. In the event of an attack, the backup copies are recovered and deployed to test environments for validation before putting the systems back into production in a very short time frame.
In a perfect world, we want to recover everything and get the other systems back afterward. But the key is to start by restoring operations quickly. Priority goes to transactional servers, the company's main website and its transactional site, as well as databases related to merchandise and customers. Essentially, we first focus on the company's core business.
But it's also important to never assume you're safe, even if you've implemented comprehensive prevention and response strategies. Things are changing very quickly. Who knows where we'll be in 6 months' time? Cybersecurity governance is something that needs to be continually updated to keep your organization cyber-resilient.