In 2015, Gartner analysts began pushing the idea that sooner or later every organization will be attacked and likely breached, regardless of what security measures they have implemented. Since then, most companies and government agencies have accepted this harsh fact of digital life – no doubt mainly because of its consequences.
The damage resulting from violations is far-reaching and extends beyond financial losses to include reputational damage, eroded trust, regulatory scrutiny, heavy fines and even job losses at the highest levels. As a result, cybersecurity planning has taken center stage, layers of control have been added, and security investments have skyrocketed. Some market forecasters say the market will reach a staggering $260 billion in value in the near future.
Decisions to allocate more resources to defense are commendable as proven technologies and strategies have developed to a point where ROI is measurable. Organizations can now see how many attacks they are enduring, how many they are stopping, and which solutions are providing them with effective performance levels. However, as someone who constantly interacts with public and private sector organizations across a range of sectors, I have noticed a worrying trend – an over-emphasis on detection and prevention, coupled with insufficient focus on recovery.
Chief Product Officer at Absolute Software.
Resilience is crucial
Increased awareness of cybersecurity risks has led to an influx of investments in various cybersecurity solutions. As organizations work to strengthen their digital ecosystems, they have poured significant resources into advanced threat detection tools, artificial intelligence-based security, state-of-the-art firewalls, and more. This financial commitment reflects their determination to stay one step ahead of the adversaries. This is important because these precautions serve their intended purpose and often prevent attacks.
However, when a ransomware attack occurs, they shut down organizations for longer than ever. In 2017, international shipping giant Maersk was crippled for 10 days by NotPetya ransomware, losing an estimated $300 million. In 2021, major energy supplier Colonial Pipeline fell victim to another ransomware variant that shut down a major fuel pipeline on the East Coast, panicked millions of consumers and caused the company to pay a $4 million ransom to restore its systems.
While detecting and stopping threats must remain critical, resilience must be considered equally crucial. Only after an attack has been identified and neutralized does the real work begin and the costs begin to mount – both financial and otherwise.
Investing in resilience
Continuity is more important than ever now that so many people are working remotely. For employees, being taken offline by a security attack can lead to loss of profits, productivity and more. Regardless of industry, every microsecond counts when it comes to getting back online after a cyber attack.
If you are a security and risk professional, you may have experienced an incident in which ransomware bypassed perimeter defenses, infected thousands of globally distributed laptops, and locked out every employee from the network – for an extended period of time.
Budget allocation does not help resilience efforts. In the US, the average organization spends just 12% of its IT budget on cybersecurity, with one in five schools deploying less than 1%. The lion’s share of this amount is spent on preventive measures. This means that when attacks occur, organizations wonder how to get their systems back online without paying a ransom. So far in 2023, nearly 73 percent of companies worldwide paid ransoms to recover data. Without reactive strategies, organizations have no choice but to pay ransoms to keep employees productive, their information safe, and business continuity.
Time to rebalance
Unfortunately, the changing threat landscape requires organizations to accept the inevitability of cyber threats. Gartner’s prophetic statement has paved the way for a substantial increase in cybersecurity investments. However, the prevailing focus on detection and prevention has overshadowed the crucial aspect of recovery, leaving organizations struggling in the aftermath of cyber attacks. To achieve true cyber resilience, organizations must recalibrate their approaches and invest in preparedness, response and recovery strategies that ensure they are able to quickly resist, recover and adapt in the face of ever-changing cyber threats .
Minimizing downtime after an attack ensures that organizations can recover quickly and get back online in just microseconds, while unprotected organizations can take days or even weeks. Only then can they confidently navigate the digital world and protect their most valuable assets from ruthless adversaries.
We’ve highlighted the best business VPN.