Test your team, not just your disaster recovery plan
By Dave Russell, Vice President Enterprise Strategy, Veeam Software
Monday, 20 December, 2021
Disaster recovery (DR) has evolved into a central mechanism for safeguarding today’s enterprises against the rising threat of cybercrime and natural disasters.
With 86% of Trend Micro survey respondents across APAC expecting their organisation to face a cyber attack within the next 12 months, putting DR plans to the test before a disaster strikes is critical. Sadly, however, DR testing seems to be a dying art. This is because data centre professionals are stretched very thin and don’t have the time or tools to test more frequently.
DR testing matters because the recovery process is based not only on your recovery procedures but on coordination, collaboration and sequencing of your internal team members. The structures put in place must be maintained across storage, network, applications, databases and other remote working platforms.
While cyberthreats can put a huge strain on a business’s productivity and ability to quickly restore data, there is a much more common, yet overlooked, security threat — unintentional human error. In fact, during the pandemic, 38% of all data breaches in Australia resulted from human error, an 18% increase year-on-year. Automated DR detection software can be useful in identifying odd behaviours and signs of a breach in a disaster environment; however, the first line of defence is always a business’s employees.
What is a DR plan?
We define a DR plan as a set of procedures that must be followed in response to an unplanned event that disrupts the company’s resources and puts day-to-day processes and operations at risk. Disasters come in all forms and sizes and may happen for a multitude of reasons. The Asia–Pacific region is certainly no stranger to these kinds of impediments, whether in the form of natural disasters, hardware failures, cybercrimes and/or human error.
Planning ahead helps businesses determine the best strategy to combat the threat of disasters and reduce any downtime as a result. With the number of attack vectors continually expanding, DR plans are essential for business continuity.
The human side of technology
It is an inescapable truth that data loss will occur because of human error, so all organisations must remain vigilant and educate their employees on how to best mitigate these events. In fact, according to a recent report by PC World, 75% of data loss is caused by human error.
Furthermore, the United Nations revealed that countries in Asia and the Pacific are four times more likely to be affected by natural catastrophes than those in Africa and 25 times more vulnerable than those in Europe or North America. The scale and complexity of these disasters inevitably produce human errors when responding.
The most common reasons cyber breaches occur include email misdelivery, accidental deletion, poor IT hygiene, data corruption and outdated security training for employees. What’s the connection? They can all be minimised through employee training, strict internal policies and a more comprehensive understanding of today’s cybersecurity landscape.
Preventing data loss through human error
Reducing human error should not be reactive; rather, proactive measures should be put in place to ensure an immediate response and decrease total data loss when faced with disasters. Employee training, internal regulations and job design are some effective controls businesses can use.
A report by Forrester Consulting found that in APAC 53% of businesses agree that their managers do not stress the importance of good security practices and training. Whether it’s part of a holistic IT strategy or separate, organisations should be educating all staff on safe practices when online — particularly those working remotely. This can greatly reduce the risks of data loss caused by ransomware or other forms of malware.
It is just as important for every member of a business’s IT team to undertake regular training and upskilling drills as it is to train non-IT staff in cybersecurity. IT teams play critical roles in a DR plan and in keeping systems available and accessible in emergencies. A comprehensive understanding and analysis of the cyber landscape is essential to implementing the most efficient and effective recovery plan.
Employees need to understand the organisation’s best practice policies — limiting file access, using strong passwords and authentication, promoting good back-up habits, using a secure network and routine cyber hygiene checks. This, in combination with the right IT strategy, greatly minimises the risk of incidents caused by human error.
Never underestimate the importance of the human touch
While automated DR tests serve an important purpose, they only test the technical component of a DR plan. In the event of a real disaster, staff will also need to work quickly and expertly to rapidly restore uptime. Conducting both physical tests and simulated tests in advance will help ensure your team is prepared to execute against your policies and procedures. This is an area where silos or ‘teams vs individuals’ mentalities have no place.
Always remember, employees can be your biggest asset in a disaster. Putting the time and effort into upskilling staff ahead of time can be the difference between surviving and thriving.