The final go-live of the General Data Protection Act in May has stolen all the headlines in recent months, placing cyber security at the top of the corporate IT priority list. The threat of massive fines for non-compliance (up to €20m or 4% of global turnover) have certainly caught the attention of C-suite decision makers.

Malicious activity is not just focused on stealing data either; having line-of-business systems go down is also incredibly expensive in more ways than one. The 2017 WannaCry ransomware attack that crippled several UK hospitals never actually stole any data, but it did cause the cancellation of thousands of patient operations and cost millions of pounds to recover from.

A few weeks later, Ukrainian businesses and government were paralysed when the Petya virus was targeted at key industries. Recovery took several days, again costing millions of dollars. Analysts suspect that the infection may have even been perpetrated by a foreign nation state given the level of sophistication of the attack.

Obviously these incidents were caused by external parties – but internal processes and system design are a big part of the problem. The reality is that downtime has a massive impact, and becoming cyber resilient is the wisest thing to do.

Understanding cyber resilience

At the most basic level, cyber resilience can be summed up with the acronym “CIA” - confidentiality, integrity and availability (1). Current debate senders on the confidentiality aspect of the CIA triad, primarily because it is most closely associated with cybercrime trends.

Focusing on just one aspect of the CIA triad creates imbalance, reducing the effectiveness of an organisation’s cyber resilience strategy. Availability and integrity are equally important as confidentiality.

The dangers of downtime

In the age of instant gratification, customers expect to be able to access your online services whenever and wherever they choose. Your competitors are never more than a click away, and downtime may be the only incentive they need to make the jump.

Remember that 64% of consumers and 80% of business buyers expect your organisation to respond to their queries in real time (2). If your systems are down, you will be unable to meet the expectations (and needs) of the large majority of your customers.

IDC once tried to calculate the cost of downtime to business. According to their estimates, the average organisation loses $100,000 per hour – although that figure may reach $1.6m in some cases (3). Whatever the cause of the outage – crime, accident or system failure - these figures are unsustainable.

Cyber resilience – simple and inexcusable

With the advent of distributed Cloud services, much of the risk attached to localised data centres has been mitigated. Placing key items of infrastructure into Amazon AWS or Microsoft Azure allows your business to spread the computing load across the provider’s global network of servers. Cyber resilience is much easier to achieve with the tools from these platforms (if properly managed), dramatically reducing (or even negating) the effect of a localised cyber attack or outage.

The same is also true of hosted services that run in the Cloud. Built on similar technology stacks, cyber resilience is offered as standard thanks to the distributed nature of the application architecture and data storage.

Cyber attacks, malware and outages caused by human error all present a significant threat to your business, which is why making your business cyber resilient needs greater priority in your 2018 computing strategy. To counter these challenges, your CTO and CIO need to seriously consider:

  • Re-engineering infrastructure using Cloud services and co-location to improve availability.
  • Deploy Cloud-based third party services and applications to avoid localised outages, mitigate targeted cyber attacks, maintain data integrity through distributed data centres and reduce capital spend.
  • Adopt security as a service models to stay ahead of the newest vulnerabilities and avoid problems caused by skills shortages.
  • Challenge conventional thinking – resilience is the flip-side of security and both need to be addressed together.

The solutions to a lack of resilience already exist – and they are far more cost-effective than traditional, in-house managed, co-located infrastructure-based options.

After all, doing the same things in the same you have always done leaves your business vulnerable to emerging threats.

To learn more about how to improve cyber resilience with security solutions and services from Advantio, please get in touch.

Sources referenced in this article


Marco Borza

Written by Marco Borza

I am the Founder of Advantio.
Technology has been my passion since I was a kid; when I first heard the handshake of an old 300bps modem I realised security would be key in an interconnected world. Since then it has become my passion and primary focus.
The reason why I've started my own business is to make IT Security simple.

Certifications: CISSP / CCSA (Checkpoint) / ITIL Foundations / ACSA (ArcSight)/ Linux+/ PCI-QSA / PA-QSA