1 The Challenge
Organizations and society have become very dependent upon digital services, which has increased the widespread impact of cyber threats. Recent incidents demonstrate how ransomware attacks and even mistakes can disrupt public services, including healthcare. Governments around the world have recognized the need for improved digital resilience. For example, in the EU there is Directive (EU) 2022/2555 (known as NIS2), and the Digital Operational Resilience for the Financial Sector Regulation, Regulation (EU) 2022/2554 (known as DORA), extends this to the financial services industry.
To achieve cyber resilience, organizations must take steps beyond security controls to prevent cyber-threats from impacting their digital infrastructure – they must also develop the capabilities needed to respond to and recover from incidents when they occur. These capabilities include those to back up, protect, and restore not only business data, but also the data which defines today’s virtual and cloud IT infrastructure, as well as applications.
The many challenges that organizations face in achieving cyber resilience include protecting against ransomware and data-destructive cyber-attacks, dealing with IT service failures, meeting their shared responsibilities for protecting their data in cloud services, protecting against mistakes and malfunctions, and complying with regulatory obligations.
1.1 Cyber Resilience
Digital transformation has made every organization more dependent upon its IT systems and increased the potential impact on its business from any disruption. If an organization is unable to access its data or systems, the entire business could be destroyed. To ensure cyber resilience, organizations need to be able to recover critical data and cyber infrastructure and to restore business applications in the event of cyber-attacks or system failures.