SMEs Must Plan for Recovery from Cybersecurity Attacks Amid Shifting Threats, Says MIT Technology Review Insights
A well-crafted — and tested — disaster recovery plan can minimize downtime and is a key component of business continuity plans.
November 2, 2022
PRESS RELEASE
CAMBRIDGE, Mass., Nov. 2, 2022 /PRNewswire/ — A new report by MIT Technology Review Insights explores why cybersecurity attacks pose an existential risk to small and midsize enterprises (SMEs) and how they can plan for disaster recovery in case of an attack.
The report, "A new age of disaster recovery planning for SMEs," is produced in association with OVHcloud and draws on in-depth interviews with cybersecurity experts from technology firms including VMware, Fortalice Solutions, and 451 Research. The findings are as follows:
Cyberattacks have grown more frequent and sophisticated, and SMEs are in the firing line. The data tells a worrying story. With the pandemic, along with geopolitical factors, causing shifts in how we live and work, the case for disaster recovery planning has never been more urgent. According to one cross-industry study, midsize companies were almost 500% more likely to be targeted by the end of 2021 than two years ago.
A well-built disaster recovery plan can significantly minimize and even eliminate downtime. Disaster recovery plans are a key component of business continuity plans. While business continuity focuses on overall strategy, including policies and procedures for recovery following an incident, disaster recovery focuses on IT infrastructure, data, and applications. A well-crafted disaster recovery plan includes clear definitions of recovery time objective (RTO) and recovery point objective (RPO).
Backups and replication of data are essential for disaster recovery. With cybercriminals spending over 200 days in companies' systems before being noticed and corrupting backups, SMEs need to store their data in multiple formats on different systems or look toward a data replication solution to ensure near-instantaneous recovery.
An unexamined disaster recovery plan could bring enterprises back to square one. Disaster recovery plans are essentially pointless without regular practice runs—and how often this practice should be done depends on how fast an organization is growing or adopting new technologies. Experts say such plans should be updated and tested at least annually, and ideally every quarter.
"Today's data is generated and distributed across highly complex ecosystems—multicloud, hybrid cloud, edge, and internet of things," says Kwee Chuan Yeo, editor of the report. "Enterprises' surface exposure to risks has ballooned. It's not just big corporations that are at risk. Smaller, less sophisticated companies are easier targets due to their lack of resources and expertise."
"While having the right disaster recovery plan for your business needs is critical to your business continuity, it's just as important that sufficient measures are taken to ensure IT resilience can be achieved at both the software and infrastructure level," says Jeffrey Gregor, OVHcloud US General Manager. "Distributed data protection, as the name implies, is when your data is distributed across multiple geographical locations. Making your data available in more than one place helps achieve a more robust disaster recovery plan in the event one location is compromised."
To download the report, click here.
About MIT Technology Review Insights
MIT Technology Review Insights is the custom publishing division of MIT Technology Review, the world's longest-running technology magazine, backed by the world's foremost technology institution—producing live events and research on the leading technology and business challenges of the day. Insights conducts qualitative and quantitative research and analysis in the US and abroad and publishes a wide variety of content, including articles, reports, infographics, videos, and podcasts. And through its growing MIT Technology Review Global Insights Panel, Insights has unparalleled access to senior-level executives, innovators, and entrepreneurs worldwide for surveys and in-depth interviews.
SOURCE: MIT Technology Review Insights
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024