Secure to survive: How to protect company data when disaster strikes
Amidst the backdrop of natural disasters and geopolitical tensions, the global business environment is fraught with unprecedented risks that pose a threat to vital operations. The vulnerability of infrastructure, supply chains, and day-to-day functions underscores the critical importance of safeguarding the very essence of modern enterprises: data.
The imperative task of securing and protecting mission-critical data and systems has surged to the forefront of organisational priorities, says Doros Hadjizenonos, regional director at cybersecurity specialists Fortinet. “In an era marked by escalating uncertainties such as unrest, conflicts, and disasters, businesses are compelled to strengthen their defences against potential disruptions.”
The evolution of cybersecurity into what is termed “the third era” also signifies a paradigm shift towards prioritising data protection. “In the first era, we secured the perimeter with the stateful firewall. Then we upgraded to next-generation firewalls to protect applications,” explains Hadjizenonos. “Now, our main goal is to secure data no matter where it is stored. The introduction of Unified Secure Access Service Edge (SASE) marks a significant leap in safeguarding data across different work setups, networks, and cloud systems.”
This strategic shift not only addresses pressing cyber risks but also plays an important role in safeguarding data integrity and bolstering business continuity in times of adversity, he adds.
Climate risk grows
The recent floods in the Western Cape and KwaZulu-Natal have once again shown the destructive impact of extreme weather events, and experts predict these occurrences will only become more frequent and intense in the future. The World Meteorological Organisation (WMO) has reported that weather-related disasters are on the rise, with a significant increase in the number of events between 1970 and 2021.
Climate change is exacerbating these trends, leading to more extreme weather events and higher economic losses. In 2023, climate change indicators hit record levels, especially affecting Africa where weather-related hazards are becoming more severe. According to the World Weather Attribution Service, human-induced climate change is doubling the likelihood of intense rains and catastrophic flooding, as seen in various parts of the country in recent years.
Planning for a disaster
“Backup and disaster recovery services give businesses a sense of security when facing disasters like floods or fires that could impact their operations,” says Hadjizenonos.
Backup, the simplest form of disaster recovery, involves storing data off-site or on a removable drive. Disaster-Recovery-as-a-Service (DRaaS) moves an organisation’s data and systems to a cloud-based setup. To minimise the risk of natural disasters affecting the DRaaS infrastructure, many choose providers with servers located farther away. “Companies operating in the cloud are less vulnerable to disruptions from natural disasters, as cloud systems are usually more secure than traditional on-site servers,” he adds.
For small and medium-sized enterprises (SMEs) and businesses operating primarily in the cloud, the risk of disruption from floods or fires is lower. The cloud is highly reliable, boasting 99,9% uptime. While it may not always be the most cost-effective choice, running your operations in the cloud ensures your data and applications are easily accessible. “It’s important to remember that cloud providers typically secure their infrastructure and may not be liable for data loss. It’s therefore recommended to take a platform approach to cybersecurity and choose a vendor that can secure your data and applications that may exist in the cloud, on the endpoint, or on-premise,” warns Hadjizenonos.
“Wherever data and systems are backed up or hosted, it is vital that they have the same levels of security and the same policies in place as the main business site,” Hadjizenonos says. “The disaster recovery (DR) site may have some security in place, but if it is seldom active, you need to make sure your teams are familiar with it and have synchronised your security policies. Assessing your risks and expenses is crucial in determining the frequency of backups to the DR site. Regular live testing is also necessary to ensure readiness.”
Downtime isn’t the sole concern during a natural disaster; cybercriminals often exploit the chaos to launch attacks, notes Hadjizenonos. “We’ve witnessed this during events like the Covid-19 pandemic and other disasters, where attackers manipulate emotions to target individuals. This underscores the importance of robust data protection measures, whether you’re operating from your primary business site or a disaster recovery location, and regardless of where your data is stored.”