Microsoft says every enterprise should have a plan for when cybersecurity fails

No matter how good it is, enterprise cybersecurity is doomed to fail. Every enterprise should have a business continuity plan in place for when it does.

Every business enterprise using information technology and benefiting from the networking power of the internet, regardless of industry or size, has a major headache to contend with that can’t be ignored or avoided: security. More specifically, cybersecurity.

Data is more vital to the modern enterprise than ever before, and protecting it from malefactors is the highest priority. Unfortunately, there are still too many enterprises in the world today that do not seem to understand this new reality.

Incidents of security breaches and stolen customer information make new headlines on an almost weekly basis, yet organizations are continually caught off guard by malicious criminal elements intent on stealing their data. If your enterprise does not have a strong, practical, and enforceable business continuity and disaster response (BCDR) plan in place, it is asking for serious trouble.

As a major component of IT infrastructures for many enterprises, Microsoft is well aware of its role in providing cybersecurity solutions to its customers. The company has inserted numerous safeguards, protocols, and technologies into its software and services to help businesses protect data from unauthorized access. But Microsoft knows that is not enough—enterprises must not only have a plan to prevent security breaches but also one to keep the business up and running after a security breach occurs.

Business continuity

As of June 2017, according to the Internet World Stats organization, there are more than 3.8 billion internet users worldwide. That means there are potentially more than 3.8 billion ways for malicious criminals to get unauthorized access to someone’s data. Even for a large enterprise with extensive assets, that is an impossible attack surface to completely defend. Breaches are going to happen, data will be stolen, and downtime will occur.

A report from Gartner suggests that the average cost of downtime for enterprises located in the United States is $5,600 per minute, which adds up to more than $300,000 per hour. Not many enterprises can absorb that much lost productivity for any significant amount of time and survive.

The only viable option is to have a business continuity and disaster response plan in place. In a blog post by Ann Johnson, vice president, Enterprise Cybersecurity Group, Microsoft suggests a framework based on people, processes, and the cloud. With the cybersecurity protocols already implemented in Azure, Office 365, and the intelligent cloud, Microsoft believes it has established a base framework that companies can use to develop and implement a viable cyber resilience plan.

Bottom line

Security breaches of IT infrastructures are inevitable for every enterprise, or at least they should be assumed to be. Invariably, the security of any information technology system is dependent on people, which means those systems are inherently insecure and vulnerable to a multitude of attack vectors. This is just the reality of the situation.

Source: http://www.techrepublic.com/article/microsoft-says-every-enterprise-should-have-a-plan-for-when-cybersecurity-fails/