In 2015, Gartner analysts began pushing the notion that sooner or later, every organization will be attacked and likely breached, regardless of which security controls they’ve deployed. Since then, most enterprises and government agencies have accepted this harsh fact of digital life – no doubt mostly because of the consequences.
The damages resulting from breaches are far-reaching, extending beyond financial losses to encompass reputational harm, eroded trust, regulatory scrutiny, steep fines, and even job losses at the highest levels. Consequently, cybersecurity planning has taken center stage, layers of controls have been added, and security investments have surged. Some market prognosticators say in the near future the market will reach a staggering $260 billion.
Decisions to allocate more resources to defenses are commendable, as proven technologies and strategies have evolved to a point where ROI is measurable. Organizations can now see how many attacks they are enduring, how many they are stopping, and which solutions are providing them with effective levels of performance. However, as someone who continually interacts with public and private sector organizations across industries, I am noticing a concerning trend, which is an over-emphasis on detection and prevention coupled with insufficient focus on recovery.
Resilience is crucial
The heightened awareness of cybersecurity risks has catalyzed an influx of investment into various cybersecurity solutions. As organizations scramble to fortify their digital ecosystems, they have poured substantial resources into advanced threat detection tools, artificial intelligence-driven security, state-of-the-art firewalls, and much more. This financial dedication reflects their determination to stay one step ahead of adversaries. This is important, as these precautions serve their intended purpose and frequently prevent attacks.
However, when ransomware attacks do occur, they take organizations down for longer than ever. In 2017, international shipping giant Maersk was crippled by NotPetya ransomware for 10 days, during which time it lost an estimated $300 million. In 2021, major energy provider Colonial Pipeline fell victim to another ransomware variant that closed a major East Coast fuel line, panicked millions of consumers, and caused the company to pay a $4 million ransom to restore its systems.
While detecting and stopping threats should remain paramount, resilience must be considered equally crucial. It is only after an attack has been identified and neutralized that the real work begins, and the costs start to mount, both financial and otherwise.
Investing in resilience
Continuity is more important than ever, with so many individuals working in a remote capacity. For employees, being taken offline by a security attack can result in loss of profit, productivity, and more. Regardless of industry, every microsecond counts when it comes to getting back online after a cyberattack.
If you are a security and risk professional, you may have lived through an incident where ransomware evaded perimeter defenses, infected thousands of globally distributed laptops, and locked out every employee from the network – for an extended period.
The allocation of budgets is not helping with resilience efforts. In the U.S., the average organization spends only 12% of its IT budget on cybersecurity, with one in five schools committing less than 1%. The lion's share of this amount is spent on preventative measures, meaning that when attacks occur, organizations are left wondering how to get their systems back online without paying a ransom. In 2023 so far, nearly 73 percent of companies worldwide paid ransom to recover data. Without reactive strategies in place, organizations have no choice but to pay ransoms in order to keep employees productive, keep their information safe, and secure business continuity.
Time to rebalance
The changing threat landscape unfortunately demands that organizations accept the inevitability of cyber threats. Gartner's prophetic statement has paved the way for a substantial increase in cybersecurity investments. However, the prevailing focus on detection and prevention has overshadowed the critical aspect of recovery, leaving organizations struggling in the aftermath of cyberattacks. To achieve true cyber resilience, organizations must recalibrate their approach, investing in preparation, response, and recovery strategies that ensure their ability to withstand, recover, and adapt quickly in the face of ever-changing cyber threats.
Minimizing downtime following an attack ensures that organizations can rebound quickly, taking only microseconds to get back online where unprotected organizations could take days, even weeks. Only then can they confidently navigate the digital world and protect their most valuable assets from relentless adversaries.