A staggering 83% of organizations have suffered a material security breach recently, with over half occurring in the past year alone, underscoring the critical need for advanced preparedness and agile response strategies, according to Commvault.
For security and IT professionals, the risk landscape is constantly evolving, they are particularly concerned about external threats, and organizations must assume breach. Organizations realize it’s not a matter of if or when they will be breached, but a matter of when they find out that they already have been breached.
Five markers of cyber recovery readiness
Commvault and GigaOm were able to pinpoint five key capabilities, also called resiliency markers, that when deployed together, helped companies recover faster from cyberattacks and experience fewer breaches compared to companies that did not follow the same path.
These five resiliency markers emerged after data analysis teams combed through survey results across a range of topics including: how often companies were breached, what resilience technologies were (or were not) deployed, and how rapidly businesses were able to recover data and resume normal operations.
The resiliency markers are as follows:
- Security tools that enable early warning about risk, including insider risk.
- A known-clean dark site or secondary system in place.
- An isolated environment to store an immutable copy of the data.
- Defined runbooks, roles, and processes for incident response.
- Specific measures to show cyber recovery readiness and risk.
For many organizations, cyber recovery strategy is still a work in progress. Again, 38% of our respondents recognize that their efforts could use improvement. Those aiming to improve should look to their more mature peers, which place a premium on prioritizing more practices vs. just a few, and, as a result, are on more solid footing in the face of a breach.
Cyber ready organizations recover faster
In assessing the results, only 13% of respondents were categorized as cyber mature.
Cyber mature organizations, those that have deployed at least four of the five resiliency markers, recovered 41% faster than respondents with only zero or one marker. Overall, cyber mature organizations report experiencing fewer breaches compared with companies that have less than four markers.
54% of cyber mature organizations were completely confident in their ability to recover from a breach, compared to only 33% of less prepared organizations.
70% of cyber mature organizations tested their recovery plans quarterly, compared to 43% of organizations with only zero or one maturity marker, that tested with this same frequency.
Without testing in a real-world scenario, organizations have no way to know how their cyber recovery plans will perform.
“One of the key findings from the research is that in order to truly advance cyber preparedness, organisations can’t cut corners. We saw significant disparities in resilience between organisations that deployed one or two of the resiliency markers versus four or five,” said Chris Ray, Cybersecurity Analyst, GigaOm. “It’s critical that organisations think about resiliency in layers. Less than 85% of respondents surveyed do that today. This needs to rapidly change if companies want to be resilient and have the upper hand against bad actors.”