In a recent Accenture survey nearly two-thirds of C-suite executives polled said cyber attacks occur daily or weekly, yet only a quarter said their company always incorporates measures into the design of its technology and operating models to make them more resilient. This raises the question of how best can companies assess and improve business resilience?
While there are some common threads to resilience there is no simple "one size fits all" set of answers, as it depends on company size and the market it operates in.
The basic threads to resilience are, or should be, well known and cover such areas as ensuring operating systems and applications are current supportable versions, security patching across the IT estate is up to date – not just operations, but applications and infrastructure devices such as Ethernet switches, Wi-Fi access points and firewalls – and that regular backups are made and tested for effectiveness. These basic steps will work for any business of any size.
Backing up systems and data is a key to recovery should things go wrong – but as important is the ability to recover backed-up data when required, hence the need to regularly test any backup. Operating two or more file systems in a master/slave type operation with overnight replication is a good way to keep company data available and taking snapshots of databases through the day is also recommended – but these mechanisms should be in addition to any backups, and not in place of.
Should disaster strike, requiring the recovery of the IT operation and data, will good backups be sufficient? No, unfortunately not. Account must be taken of the IT hardware in use, particularly if recovery is not to the same IT infrastructure the backup was taken from. Server hardware changes over time and a backup is not guaranteed to recover on newer hardware or hardware of a different manufacturer.
Read more about resiliency to reduce the impact of cyber attacks
Hours (perhaps days) could be spent patching software drivers to get a backup operational, but there is an alternative. A company could look to virtualising its servers. Here the virtualisation layer (VMware, Microsoft HyperV, ZEN etc.) isolates a server operating system from the underlying server hardware, meaning that – providing the same virtualisation layer is provided – a backup can be restored to any server hardware. The caveat, of course, being that the capability of the underlying server hardware is as good (or better) than the original (for example, in its RAM, CPU and disk).
Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.
