Cyber threats and ransomware continue to shift and evolve. Security no longer means just encryption; it also encompasses business continuity. The real-world consequences of a successful cyberattack have been clearly highlighted this week with the closure of one of the largest pipelines in the U.S. due to ransomware. Responsible for almost half of the east coast’s road and jet fuel, Colonial Pipeline suffered a major incident. Attackers stole and encrypted over 100GB of data, crippling the pipeline’s operations, and the consequences were there for all to see. This was a costly event for Colonial. Though not confirmed by Colonial, a $5 million ransom was paid, on top of the cost of additional wages, consulting fees, lost revenue and damage to the Colonial brand.
It is right to put the complete blame on the attackers. However, by neglecting to adequately plan and prepare for such a foreseeable occurrence, Colonial’s Executive Leadership failed its shareholders and customers, as it took far too long to bring operations back online.
It is not just critical infrastructure; organizations of all sizes are becoming targets of opportunity. Check Point Research shows attacks in the U.S. have increased by 300% in the past nine months.
While backups are important and can be lifesaving for a business, Business Continuity Planning is equally imperative. Although they overlap, these terms represent distinctly different mindsets when it comes to data protection.
Data backup answers the questions: is my data safe? Can I get it back in case of a failure?
Business continuity involves thinking about the business at a higher level, and asks: how quickly can I get my business operating again in case of system failure?
Data backup is a good first step. But in case of a failure, you must be able to get that data back and restore it quickly enough that it does not impact your business operations. For instance, if you experience a server failure – remember, hardware failure is the number one cause of lost data – you would not be able to get back to work if you only have a file-level backup.
To get your operations back online, the server would need to be replaced, all software re-installed, settings configured and then files restored. This process could take anywhere from hours to days, while your users and customers face inconvenience, leaving you with potential revenue and reputation loss.
RTO and RPO
If you have planned for business continuity, however, you may have thought in terms of Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
RTO (Recovery Time Objective): The duration of time within which a business must be restored after a disaster or disruption to avoid unacceptable consequences associated with a break in business continuity.
RPO (Recovery Point Objective): The maximum tolerable period in which data might be lost due to a disaster.
By calculating your desired RTO, you determine the maximum time that you can be without your data before your business gets into serious trouble. Similarly, by specifying the RPO, you know how often you need to perform backups, depending on how much data you can afford to lose without damaging your business. You may have an RTO of a day, and an RPO of an hour. Or your RTO might be measured in hours and your RPO in minutes. It’s all up to you and what your business requires. But calculating these numbers will help you understand what type of data backup solution you need.
How much will downtime cost you?
Once you determine your RPO and RTO, it is time to calculate how much downtime and lost data will cost you.
Answer the following questions:
- How many employees would be affected if critical data were unavailable?
- What is the average wage of the affected employee (per hour)?
- What is the per-hour overhead cost of the affected employees?
- How much revenue would be lost per hour because of the unavailability of data?
Simply add up the average per-hour wage, the per-hour overhead, and the per-hour revenue numbers and you have how much a data loss will cost you.
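The following added example (not part of the original article) ties the RPO and RTO definitions to the cost questions above: it finds the windows in a backup log where a failure would have lost more data than the RPO allows, and prices a measured restore time against the RTO. The log entries, function names and dollar figures are constructed for illustration, and it assumes wage and overhead are per affected employee while revenue is for the whole business.

```python
from datetime import datetime, timedelta

# Constructed sample log: (backup finish time, job succeeded?)
BACKUP_LOG = [
    ("2021-05-10 00:05", True),
    ("2021-05-10 01:04", True),
    ("2021-05-10 02:06", False),  # failed job, so it is not a recovery point
    ("2021-05-10 03:05", True),
    ("2021-05-10 04:05", True),
]
FMT = "%Y-%m-%d %H:%M"

def exposure_windows(log, now):
    """Gaps between consecutive successful backups, plus the gap up to `now`.
    Each gap is the data that would be lost if the system failed at its end."""
    points = sorted(datetime.strptime(ts, FMT) for ts, ok in log if ok)
    if not points:
        raise ValueError("no successful backup: nothing can be restored")
    points.append(now)
    return [(a, b, b - a) for a, b in zip(points, points[1:])]

def rpo_violations(log, rpo, now):
    """Windows in which the possible data loss exceeded the RPO."""
    return [w for w in exposure_windows(log, now) if w[2] > rpo]

def downtime_cost(hours, employees, wage, overhead, revenue):
    """Cost of an outage. Assumption: wage and overhead are per affected
    employee per hour, revenue is per hour for the whole business."""
    return hours * (employees * (wage + overhead) + revenue)

def rto_report(restore_hours, rto_hours, **cost_inputs):
    """Compare a measured (test) restore time against the RTO."""
    return {
        "meets_rto": restore_hours <= rto_hours,
        "cost_of_restore": downtime_cost(restore_hours, **cost_inputs),
        "cost_at_rto": downtime_cost(rto_hours, **cost_inputs),
    }

if __name__ == "__main__":
    now = datetime(2021, 5, 10, 4, 30)
    for start, end, gap in rpo_violations(BACKUP_LOG, timedelta(hours=1), now):
        print(f"RPO exceeded: {gap} without a recovery point ({start} to {end})")
    # Constructed figures: 20 staff, $30 wage, $15 overhead, $1,000 revenue per hour
    print(rto_report(restore_hours=12, rto_hours=8, employees=20,
                     wage=30, overhead=15, revenue=1000))
```

A single failed hourly job is enough to double the exposure window, which is why the check counts only successful backups as recovery points.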
Given that funding and budget constraints can be a significant challenge (43%) for a business to implement a business continuity solution, calculating your RTO will give you the financial validation needed to justify its purchase and maintenance.
Calculating the real costs associated with data loss gives SMBs a better understanding of the risks relating to business failure. And thinking about your business in these terms puts your backup solution into perspective.
Set up an appointment with us now to plan and set up your backup and business continuity plan. The “it-won’t-happen-to-me” mindset is ignorance; the prospect of it happening to you when you are not prepared is a chilling thought, especially when we hear that Colonial Pipeline paid $5 million to get their data back.