When it comes to disaster recovery, small to medium-sized businesses confront a unique set of challenges. The view that the SMB is not as attractive a target as an enterprise organisation, and is therefore immune to hackers, is a misnomer.
Mounting research points to the fact that SMBs are increasingly at risk of cyberattack, therefore disaster predaredness should be a matter of top priority. According to a January 2020 research study by BullGuard, 43% of SMBs (in the UK and US) have no cybersecurity defence plan in place.
While the Hiscox Cyber Readiness Report 2022 reveals that hackers are broadening their attack pool in 2022, where some small businesses could find they are dealing with first-time server or cloud-focused attacks. The Cisco 2021 Data Privacy Benchmark study, reports that 45% of SMBs with less than a thousand employees had 5-16 hours of breach-related downtime.
While some SMBs operate under the assumption that their size doesn’t merit a ransomware attack, most simply lack the resources necessary to improve their cybersecurity stance.
Cyberattack Vulnerability: SMBs vs. the Enterprise
The lack of preparedness on the part of SMBs can make them low-hanging fruit, and a more alluring alternative target for cybercrime. Whereas the high level of complexity in cyber defences within large organisations (being more informed and having made considerable DR investment and preparation), can actually dissuade attackers.
SMBs are typically on much tighter budgets than larger organisations, with IT teams that are usually small, having to cover all aspects of IT. Whereas enterprises are able to hire dedicated in-house cybersecurity staff, as well as being in a position to afford to deploy real-time detection measures and infrastructure threat monitoring capabilities.
Research from Alliant Cybersecurity shows that one in five small businesses jumped head-first into remote working without having any clear cybersecurity mitigation or prevention policy in place. Apart from facing a raft of new types of attacks emerging as a result of hybrid working, SMBs have an added disadvantage: they do not have full control of every aspect along the supply chain, further increasing their vulnerability.
With cyber-threats and natural disasters on the rise, the SMB IT team today faces a much wider threat vector than ever before. Despite their limited size, SMBs are characterised by a large attack surface, i.e., the sum of attack vectors that could be potentially exploited by cybercriminals. The attack vectors fall into three categories: devices, software and people.
With the exploding number of network-and internet-facing devices involved in daily operational activities, SMBs find it increasingly difficult to manage cybersecurity risks associated with them. The same applies to software that offers multiple points of entry for ransomware attackers: UI forms, HTTP headers, APIs and databases, among others.
Finally, there are employees who are woefully unprepared to tackle cybersecurity challenges due to the lack of training. All these vulnerabilities can be remediated with sufficient investment into cybersecurity, which is not something that all SMBs can afford.
SMB Cyberattack Preparedness
SMBs must become better informed, as no industry is safe from attack. Proper cybersecurity procedures must be put in place, with regular updates, so that companies do not fall behind emerging trends and therefore put themselves at risk of potential attack once again. But with the data centre already ‘in motion’, considering dropping everything to adopt enterprise blueprint data protection measures can seem like a daunting endeavour for the small business. The cost and sheer scope is just not realistic.
However, with a greater understanding of the threats involved, and with a match-fit plan and solution in place, it is possible for SMBs to embrace agility and growth with the assurance of effective cyberattack protection and disaster recovery.
Facing the reality that IT resources are stretched thin, is a vital first step in SMB disaster preparedness. So while creating a full-blown DR plan may be too much for many SMBs, this challenge can be overcome with the IT team starting small, focusing instead on the organisation’s datasets or applications that are most critical to the running of the business.
The DR planning process should be approached step-by-step, ensuring that each phase works as a viable stand-alone DR plan. This way, the SMB establishes a strong foundation upon which to build as resources allow. The key is in knowing where to start, and this should be with the application most vital to the organisation, for example, email (likely to be critical to get back online in the event of a disaster).
DR Tactics: Top Tips for SMBs
There are pivotal considerations and capabilities that should be included in any successful DR approach for SMEs:
1. Decide on the viable recovery time for that application. So understating the parameters of recovery point objective (RPO), how much data loss can occur vs. recovery time objective (RTO), which is the length of time it will take to recover the application.
2. Virtualise all applications and datasets. Virtualisation provides many benefits for SMBs. Virtualisation makes recovery easier, as VMs can be moved between physical servers with ease.
3. Decide whether the organisation should leverage backup or replication. Backups, relating to frequency of protection, can deliver a foundation of protection across the business. Whereas replication, relating to the level of retention, is utilised for specific applications that may require a higher level of protection and recovery.
4. Recovery-in-Place. Recovery-in-place allows SMBs to start VMs and point them at backup storage in the remote site so that applications can return to service almost immediately after disaster declaration. This should be suitable for the majority of SMB application recovery needs.
With these considerations, and by tackling the project in stages, SMB data centres can feasibly implement and maintain a successful, cost-effective DR strategy. Utilising virtualisation, granular backups, and recovery-in-place technologies can significantly drive down the cost of rapid recovery.
With a clear understanding of the potential threats from the start, effective data protection measures can be implemented by SMBs within a reasonable budget to substantially improve their defences against cybercrime.
By Sergei Serdyuk, VP of Product Management, NAKIVO.