Sponsored

A new age of disaster recovery planning for SMEs

How cybersecurity threats have morphed, why SMEs need to plan for disaster recovery, and what they should do about it.

In association with OVHcloud

Today’s cyberthreat landscape has become increasingly complex. Gone are the days when devastation to enterprises’ data and IT systems was caused solely by force majeure events and physical terrorist attacks. Rising geopolitical tensions, fast-tracked digital transformation, and remote and hybrid working styles driven by the pandemic have made both public and private organizations across the globe increasingly vulnerable to cyberattacks via ransomware, malware, or hacking.

Today’s data is generated and distributed across highly complex ecosystems—multicloud, hybrid cloud, edge, and internet of things. Enterprises’ surface exposure to risks has ballooned. It’s not just big corporations that are at risk. Smaller, less sophisticated companies are easier targets due to their lack of resources and expertise.

According to Accenture, more than one-third of cyberattacks are aimed at small businesses, but only 14% of them are prepared to defend themselves.¹ Cyberattacks could leave many small and midsize enterprises (SMEs) reeling from financial and productivity losses, operation disruptions, extortion payments, settlement costs, and regulatory fines.

Given this backdrop, experts say it’s time to plan for when, not if. Clear backup and disaster recovery plans—focusing on IT infrastructure, data, and applications—to execute recovery processes after a disaster are vital in every enterprise’s business continuity strategy. This report explores what disaster recovery planning entails and how SMEs can implement it in today’s fast-evolving cyber landscape.

The following are the report’s key findings:

  • Cyberattacks have grown more frequent and sophisticated, and SMEs are in the firing line. The data tells a worrying story. With the pandemic, along with geopolitical factors, causing shifts in how we live and work, the case for disaster recovery planning has never been more urgent.

    According to one cross-industry study, midsize companies were almost 500% more likely to be targeted by the end of 2021 than two years ago.² Experts say artificial intelligence–based attacks are rising. Ransomware-as-a-service and, in some cases, deepfakes are also increasing, although most SMEs become victims because of human error.
  • A well-built disaster recovery plan can significantly minimize and even eliminate downtime. Disaster recovery plans are a key component of business continuity plans. While business continuity focuses on overall strategy, including policies and procedures for recovery following an incident, disaster recovery focuses on IT infrastructure, data, and applications.
  • A well-crafted disaster recovery plan includes clear definitions of recovery time objective (RTO) and recovery point objective (RPO).³,⁴ Having such a plan is crucial for protecting data and applications against malware and ransomware attacks and could significantly minimize or even eliminate downtime.
  • Backups and replication of data are essential for disaster recovery. With cybercriminals spending over 200 days in companies’ systems before being noticed⁵ and corrupting backups, SMEs need to store their data in multiple formats on different systems or look toward a data replication solution to ensure near-instantaneous recovery. While the longstanding 3-2-1 strategy⁶ is endorsed by cybersecurity experts, some organizations are seeking greater security with the 3-3-2 approach⁷, which includes an extra disconnected and inaccessible (“air-gapped”) copy.
  • An unexamined disaster recovery plan could bring enterprises back to square one. Disaster recovery plans are essentially pointless without regular practice runs—and how often this practice should be done depends on how fast an organization is growing or adopting new technologies. Experts say such plans should be updated and tested at least annually, and ideally every quarter.

Download the full report.

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.
