Disaster recovery should be at the core of every organization’s IT strategy. Any tactics implemented to keep a company online in the event of a catastrophe should account for natural and manmade disasters. Both threats have the ability to stop an organization in its tracks. The threat posed to business websites by bad actors looking to hijack functionality requires additional considerations beyond standard disaster recovery protocols.
Forty-three percent of cyber-attacks launched in 2018 targeted small businesses. That can be eye-opening for organizations with less than 250 employees.
While the likes of Target tend to be the ones who draw the big headlines and seemingly larger payouts, they often get to them by going through a smaller vendor or associate company. The target itself got hacked because bad actors gained access through the system of an HVAC company they used in the past.
The true cost of disaster recovery
Many small and medium-sized businesses (SMBs) cite cost as a reason why they don’t go further with protection measures. They rely on the false confidence that hackers will go after bigger fish. That mistake can end up crippling an SMB’s operations and potentially put them out of business.
We have previously discussed the increase in DDoS attacks against SMBs. Many of them simply cannot withstand the business disruption and loss of revenue that comes from having their business sites knocked offline for an extended period.
The Ponemon Institute estimates that cyber-attacks end up costing SMBs around $3.86 million dollars on average. Even a single hour of downtime can bring a price tag of over $100,000. What goes into the build-up of such large numbers?
- Cleanup costs
- Lost revenue from business disruption
- Remediation costs in highly regulated industries like finance or healthcare
- Regulatory fines that arise from compliance violations
- Processing customer refunds and covering costs they incurred as a result of a breach
Suspending operations after a cyber-attack is a path from which many SMBs do not come back. Covering expenses like rent, payroll, insurance, and operational costs with no revenue coming in takes a toll. Sixty percent of SMBs that suffer a cyber-attack end up going under after six months.
Five additional considerations for keeping your site online
Disaster recovery is an essential aspect of avoiding downtime during catastrophic events. Companies should ensure they look out for other vital elements of their IT infrastructure when it comes to maintaining high availability of their website and company systems.
DNS accessibility
Your Domain Name System (DNS) is how readable domain names get converted into IP addresses for connection. That is why we can enter “www.google.com” into our web browser instead of strings of numbers. DNS support services form the backbone for resolving internet domain names.
Distributed denial-of-service (DDoS) attacks disrupt your domain’s DNS resolution attempts. Doing so prevents users from accessing the website. The attack also compromises your website’s responses to legitimate traffic. It can be hard to separate a DDoS attack from heavy traffic because they mimic them by using a variety of unique locations and look for actual existing records available on the domain.
A system of round-robin load balancing can keep your site from being taken offline. You should list the IP addresses of two load balancers, or reverse proxies, that are each set to balance traffic loads between your CDNs. If one becomes unreachable, a client web browser can continue to the next DNS server and attempt to locate the website.
CDN availability
Content delivery networks (CDNs) can improve website performance and reliability by caching content at the edge of the network. Using CDNs over traditional hosting solutions also prevents service interruptions, improve redundancy, and provide added security. They have a higher capacity to withstand hardware failure while conducting a higher level of traffic. Bandwidth costs also go down since your site does not have to transport as much data.
CDNs can still go down for other reasons outside of cyber-attacks. A Cloudflare outage occurred in July 2019 because of a software deployment gone wrong. It pays to have multiple CDNs available to decrease the chances of downtime for your website. You do not want your business experiencing a Cloudflare scenario because you balked at the cost of obtaining more CDNs.
Server availability
Many companies try to ensure high availability of their servers by having a load balancer on the front. Two additional servers are then connected as a backup in case one of them goes down. Incoming traffic goes through the load balancer and is given access to the designated server.
Having automated server failover can ensure that a standby server is accessed if one of the others fails or becomes compromised. The practice can keep your organization from losing critical data. Automated server failover automatically directs your requests off-site for handling, keeping your operations seamless.
Database accessibility
You want to make sure your organization always has access to your onsite and cloud data stores in an emergency. Most companies have a single database router and multiple redundant databases. They implement a “master-slave” architecture where the “slave” servers continuously duplicate content from the central “master” database. You can help ensure high availability for your data storage solutions by having the process automated.
Top comments (0)