Microsoft says every enterprise should have a plan for when cybersecurity fails
No matter how good it is, enterprise cybersecurity is doomed to fail. Every enterprise should have a business continuity plan in place for when it does.
Every business enterprise using information technology and benefiting from the networking power of the internet, regardless of industry or size, has a major headache to contend with that can’t be ignored or avoided: security. More specifically, cybersecurity.
Data is more vital to the modern enterprise than ever before, and protecting it from malefactors is the highest priority. Unfortunately, there are still too many enterprises in the world today that do not seem to understand this new reality.
Incidents of security breaches and stolen customer information make new headlines on an almost weekly basis, yet organisations are continually caught off guard by malicious criminal elements intent on stealing their data. If your enterprise does not have a strong, practical, and enforceable business continuity and disaster response (BCDR) plan in place, it is asking for serious trouble.
As a major component of IT infrastructures for many enterprises, Microsoft is well aware of its role in providing cybersecurity solutions to its customers. The company has inserted numerous safeguards, protocols, and technologies into its software and services to help businesses protect data from unauthorised access. But Microsoft knows that is not enough—enterprises must not only have a plan to prevent security breaches but also one to keep the business up and running after a security breach occurs.
As of June 2017, according to the Internet World Stats organisation, there are more than 3.8 billion internet users worldwide. That means there are potentially more than 3.8 billion ways for malicious criminals to get unauthorised access to someone’s data. Even for a large enterprise with extensive assets, that is an impossible attack surface to completely defend. Breaches are going to happen, data will be stolen, and downtime will occur.
A report from Gartner suggests that the average cost of downtime for enterprises located in the United States is $5,600 per minute, which adds up to more than $300,000 per hour. Not many enterprises can absorb that much lost productivity for any significant amount of time and survive.
The only viable option is to have a business continuity and disaster response plan in place. In a blog post by Ann Johnson, vice president, Enterprise Cybersecurity Group, Microsoft suggests a framework based on people, processes, and the cloud. With the cybersecurity protocols already implemented in Azure, Office 365, and the intelligent cloud, Microsoft believes it has established a base framework that companies can use to develop and implement a viable cyber resilience plan.
Security breaches of IT infrastructures are inevitable for every enterprise, or at least they should be assumed to be. Invariably, the security of any information technology system is dependent on people, which means those systems are inherently insecure and vulnerable to a multitude of attack vectors. This is just the reality of the situation.
While the security protocols designed into Microsoft’s software and services certainly help, they will never be enough to overcome the risk associated with people accessing the system. Since security breaches are inevitable, it only makes sense for enterprises to have robust BCDR plans, particularly plans that emphasise personnel training and security education.
Regardless of whether that involves Microsoft, when it comes to cybersecurity and business continuity, enterprises should plan for the worst-case scenario while working to create the best-case scenario.