Business continuity in times of cyberattacks

22 July 2022

By Chris Mayers, Chief Security Architect at Citrix

They say there are two types of companies: those that have had their networks hacked and those that have yet to. Put another way: either their recovery plan has already been used in action, or it will be. So that recovery plan had better be solid, taking into account people, process and technology.

Considering people first, the way we work has changed radically. Over a day, staff may work from several locations, use a wide range of apps, and access data in many systems. Business processes may extend across several organisations, with an organisation being in the middle of multiple supply chains. Technology has many layers, and can include cloud-based and on-premises components, any of which could fail.

IT departments must therefore closely monitor their systems for anything unexpected. For example, only authorised users should have access, whether they are in the office or elsewhere. Unexpected access – such as from a country where they have no reason to be – should be blocked, or trigger other controls. This kind of contextual access control is critical in protecting against stolen user identities and theft of devices.

Cyberattacks often take place without warning. Organisations must maintain day-to-day operations – this is where DaaS (desktop as a service) can play a role in a recovery plan. DaaS has grown in prominence over the last two years and also supports hybrid work; corporate desktops are hosted in a public or private cloud and are delivered to each employee so they can access them from the place and device they prefer. They can even choose the applications they wish to use according to the work they do, and customise that desktop as they would with a traditional one. Access is simple: the device does not need large memory or storage capacity, and no complex network setup of the kind VPN systems require is needed to access the information.

DaaS contributes to business continuity and security in two ways. First, no data, document, or application that an employee accesses is saved on the device itself. This means that if a cyberattack compromises the device, the information is not stored there and the user only needs to have another device for the original desktop to be restored, ready to use.

Secondly, backups of the desktop are more straightforward. Even if an attack reaches the public or private cloud where the information is hosted, business continuity can be ensured. By having an unaffected desktop backup and data in another public cloud or in another data centre, the user’s files and applications can be delivered as usual, and employees can continue with their everyday tasks.

Business continuity used to be linked to natural disasters or health emergencies. Your recovery plan just needed a periodic review, plus regular testing. Now, a recovery plan needs to cover an increasingly broad range of cyberattacks – not just ransomware. With a sound recovery plan – together with vigilant employees – we can hope that there will be only one type of company in the future: the one that confidently protects, monitors and maintains security.