According to Accenture, more than a third of cyberattacks target small businesses, but only 14% of them are prepared to defend themselves.1 Cyberattacks can hit many small and medium enterprises (SMEs). ) suffer from financial and productivity losses, operational disruptions, extortion payments, settlement costs and regulatory fines.
Given this context, experts say it’s time to plan for when, not if. A clear disaster backup and recovery plan — with a focus on IT infrastructure, data, and applications — to implement disaster recovery processes is critical to business continuity strategy of all businesses. This report explores what disaster recovery planning entails and how SMEs can do it in today’s rapidly evolving cyber landscape.
The following are the main findings of the report:
- Cyberattacks are becoming more frequent and sophisticated, and small and medium businesses are in the spotlight. The data tells a disturbing story. With the pandemic, along with geopolitical factors, causing changes in the way we live and work, disaster recovery planning has never been more urgent.
According to an interdisciplinary study, midsize companies are nearly 500% more likely to be targeted by the end of 2021 than they were two years ago. Ransomware-as-a-service and, in some cases, deepfakes are also on the rise, although most SMEs fall victim to human error.
- A well-crafted disaster recovery plan can significantly reduce and even eliminate downtime. Disaster recovery plans are an important component of business continuity plans. While business continuity focuses on the overall strategy, including incident recovery policies and procedures, disaster recovery focuses on IT infrastructure, data and applications.
- A well-crafted disaster recovery plan includes clear definitions of recovery time goals (RTOs) and recovery point goals (RPOs).3.4 Having such a plan is very important. critical to protecting data and applications against malware and ransomware attacks and can greatly reduce or even eliminate downtime.
- Data backup and replication is essential for disaster recovery. With cybercriminals spending more than 200 days in companies’ systems before being detected5 and corrupting backups, SMEs need to store their data in multiple formats across systems. different or towards a data replication solution to ensure near-instant recovery. While the age-old 3-2-16 strategy is endorsed by cybersecurity experts, some organizations are looking for greater security with the 3-3-27 approach, which includes an additional copy disconnected and inaccessible (“air-gapped”).
- An under-researched disaster recovery plan can bring businesses back to normal. Disaster recovery plans are essentially meaningless without regular practices — and how often they do so depends on how quickly an organization grows or adopts new technologies. . Experts say such plans should be updated and tested at least annually, and ideally quarterly.
This content is produced by Insights, the custom content arm of MIT Technology Review. It was not written by the editorial board of the MIT Technology Review.