Faced with the explosion of cyberattacks, it is no longer the time for prevention and detection but for business continuity

Today, it is no longer possible to completely protect yourself from cyberattacks. We must therefore prioritize business continuity, even in degraded mode, to ensure the survival of organizations.

Faced with the explosion of cybercrime, it is no longer possible to completely protect ourselves: one in two French SMEs say they have already been affected (WatchGuard survey, September 2024). We must therefore prioritize the continuity of services, even in degraded mode, to ensure the survival of organizations, through high-resilience projects.

A massive wave that is now difficult to contain

It is difficult today for companies and public actors to face increasingly massive cyberattacks: in 2023, 94% of IT and security managers declared having suffered a major attack, with an average of 30 attempts annually (source: Rubrik Zero Labs); between February and March 2024, town halls experienced a 95% increase in these attempts (source: Mailinblack).

A “belt and suspenders” information system (IS) that ensures business continuity

In an ideal world, to fully absorb an attack, an organization should be equipped with three essential tools:

  1. A business continuity plan (BCP), a strategic document which makes it possible to analyze the risks and impacts facing the organization. The organization must analyze its critical systems and define the applications to be restored as a priority in the event of an interruption, depending on the nature of its activity. For each, it must calculate an RTO (Recovery Time Objective), which represents the maximum admissible interruption duration. This can vary depending on the activity and the period: restarting the CRM is critical for an e-commerce company, while the payroll management software can be restored with a little delay if the attack occurs in the middle of the month.

    The BCP also sets crisis procedures, which make it possible to organize, under stress, the tasks to be carried out in a precise order, as well as rules for internal and external communication.

  2. A process and data recovery plan. This must be anticipated thanks to regular and immutable backups. They must be both local and in the cloud in order to deal with direct attacks but also with incidents that take place within the data center. In the event of a disaster, it is then possible to use these backups to restore data and applications, provided that they are encrypted to avoid cryptolocking.

    But it’s far from enough. The backup process must be coupled with a data replication process to maintain a real-time copy of the most sensitive information in the cloud and across multiple locations (asynchronously or, for maximum security, synchronously).

  3. A business recovery plan. For more mature organizations, it is also possible to consider several DR site (Disaster Recovery site) options which will act as backup sites to ensure the continuity of operations on the main site. Three options are possible: hot (a secondary site always ready to take over), cold (after a certain configuration time), warm (an intermediate solution partly pre-configured). These sites must be enriched with Disaster Recovery plans, through orchestration tools that automate the failover and recovery processes.

These three tools can be complemented by the implementation of redundant networks and elastic cloud services.

AI, an opportunity for organizations hampered by lack of resources?

IT systems managers are aware of the challenges of continuity of services (both for the organizations themselves and for users, particularly in communities and sectors such as health). However, they are hampered by the financial investment essential for setting up a dual infrastructure (operational and back-up). These structures must then prioritize data backup, which makes it possible to secure the essentials and ensure minimal activity, without delay.

AI-based tools could represent an opportunity: while they do not drastically reduce costs, they could limit the impact of cyberattacks by offering more responsiveness and promoting faster recovery.
