Overview
Cyber threats and ransomware continue to shift and evolve. Security does not mean just encryption anymore but also encompasses business continuity. The closure of the largest pipelines in U.S highlighted the real-world consequences of a successful cyberattack. The ransomware was responsible for almost half of the east coast’s road and jet fuel. However, the attack on Colonial Pipeline was a major incident. The attackers stole and encrypted over 100GB of data crippling the pipeline’s operations. The event’s consequences were costly and witnessed by everyone. Even though, the Colonial does not confirm they paid a $5 million ransom along with additional wages, consulting fees, lost revenue. Overall, it tarnished the Colonial brand.
Indeed, it is right to put the complete blame on the attackers. However, it is neglectful to adequately plan and prepare for such a foreseeable occurrences. The Colonial’s Executive Leadership failed its shareholders and customers as it took far too long to bring operations back online.
It is not just critical infrastructure; organisations of all sizes are becoming targets of opportunity. Check Point Research shows attacks in the U.S. have increased by 300% in the past nine months.
What is Data backup and Business continuity
While backups are important and can be life saving for a business, Business Continuity Planning is equally imperative. Although overlapping, these terms represent uniquely different mindsets when it comes to data protection.
Data backup
Answers the questions: is my data safe? Can I get it back in case of a failure?
Business continuity
involves thinking about the business at a higher level. Questions often asked are: how quickly can I get my business operating again in case of system failure?
Server Failure
Data backup is a good first step. In the case of a failure, you must be able to get that data back and restore it quickly enough. Consequronyly, business operations are not impacted. For instance, you experience a server failure – remember hardware failure is the number one cause of lost data – you would not be able to get back to work if you only have a file-level backup.
For you to be able to get your operations back online, your server would need replacing, all software re-installed, configure setting and then restore files. This process could take anywhere between hours to days – while your users and customers face inconveniences leaving you with potential revenue and reputation loss.
RTO and RPO
If you have planned for business continuity however, you may have thought in terms of Recovery Time Objective (RTO), and Recovery Point Objective (RPO).
RTO (Recovery Time Objective)
The duration of time within which a business must be restored after a disaster or disruption to avoid unacceptable consequences associated with a break in business continuity.
RPO (Recovery Point Objective)
The maximum tolerable period in which data might be lost due to a disaster.
By calculating your desired RTO, you have determined the maximum time that you can be without your data before your business gets into serious trouble. Alternatively, by specifying the RPO, you know how often you need to perform backups depending on how much data you can afford to lose without damaging your business. You may have an RTO of a day, and an RPO of an hour. Or your RTO might be measured in hours and your RPO in minutes. It’s all up to you and what your business requires. But calculating these numbers will help you understand what type of data backup solution you need.
How much will downtime cost you?
Once you determine your RPO and RTO, it is time to calculate how much downtime and lost data will cost you.
Answer the following questions:
- How many employees would be affected if critical data were unavailable?
- What is the average wage of the affected employee (per hour)?
- What is the per-hour overhead cost of the affected employees?
- How much revenue would be lost per hour because of the unavailability of data?
Simply add up the average per-hour wage, the per-hour overhead, and the per-hour revenue numbers and you have how much a data loss will cost you.
Given that funding and budget constraints can be a significant challenge (43%) for a business to implement a business continuity solution, calculating your RTO will give you the financial validation needed to justify its purchase and maintenance.
Calculating the real costs associated with data loss gives SMBs a better understanding of the risks relating to business failure. And thinking about your business in these terms puts your backup solution into perspective.
Set up an appointment with us to plan set up your backup and business continuity plan now. The “it-won’t-happen-to- me” mindset is ignorance, if it happens to you and you are not prepared, is just a chilling thought especially when we hear that Colonial Pipeline paid $5 million dollars to get their data back.
