By Michelle Weston, VP of Security and Resiliency at Kyndryl

While many organizations take a preventative stance toward cyber threats and work to enhance their ability to anticipate, protect against and withstand cyber incidents, they often miss one crucial component: the ability to quickly recover mission-critical business processes.

A recent Kyndryl survey found that the largest challenge organizations face when managing the impact of a cyber incident is the recovery of systems and data from a clean backup. This outranked other challenges such as managing an expanding IT footprint, staying up to date with emerging threats, or keeping up with changing regulations.

Not being able to quickly recover can result in operational downtime, an inability to serve customers, regulatory fines, damaged brand reputation and lost revenue. That is why it is crucial for organizations to have cyber incident recovery plans and processes in place to minimize negative impacts and ensure business continuity. What’s preventing organizations from embracing this approach?

Cyber resilience is the ability to anticipate, protect, withstand and recover from any adverse condition, including cyber outages. Here are three common myths that could be holding organizations back from building a robust cyber resilience strategy.

Myth #1: Cyber incident recovery is the same as disaster recovery

Traditional disaster recovery assumes that data and backup copies are not infected with malware. Cyber incident recovery, on the other hand, assumes the opposite: that data and backup copies are corrupted. Cyber incident recovery services include immutability and anomaly scanning to ensure there are “golden copies” of the data that can be used with assurance during recovery.

Many organizations treat all outages similarly regardless of cause or complexity. However, cyber incidents are unique in that it is often difficult to determine whether the backup copies have been affected. Initiating recovery without additional data verification and validation can propagate whatever malware or corruption the backup copies contain, leading to a more widespread incident.

Myth #2: Our business continuity plan can handle a cyber incident

Many organizations build and leverage business continuity plans to help plan for and recover from potential disruptions. For recovery efforts, an organization will determine recovery steps based on many potential disruptions, like a datacenter power outage. Cyber incidents add a new layer of complexity because they are inherently unpredictable and make it difficult to determine which systems are infected.

Instead, organizations should move from a “static” recovery plan that is updated every few years to a “dynamic” recovery plan that is consistently updated to handle the changing dynamics of the cyber threat landscape. This is important as cyberattacks become more sophisticated, often getting past the best protection measures. With a cyber resilience strategy in place, organizations can ensure quick recovery of critical business processes.

Myth #3: Key business processes are protected from cyberattacks

When a cyberattack occurs, the IT and security team will undoubtedly get calls from employees throughout the organization asking them to quickly recover applications or data. Such requests can be overwhelming because every team wants its processes back online quickly, all at the same time. It is important to align IT strategies with business objectives before an incident occurs. Having a pre-defined plan with clear roles and responsibilities will enable the organization to quickly restore business-critical assets and data.

In recognition of Cybersecurity Awareness Month, this is the final installment of a weekly series in October that highlights how organizations can anticipate, protect against, withstand and recover from adverse events.