Every summer I ask myself the same question. How do some IT leaders in Europe “disappear” for three or four weeks, turn off their phones, leave their laptops behind, and genuinely disconnect from work? No checking emails from the beach. No daily Teams meetings. No “I’ll just jump on a quick call and be back in a minute” comment to the family or friends. They simply trust that everything will continue running while they enjoy a glass of wine overlooking the Mediterranean.
As someone who has worked with enterprise technology for quite a long time now (yes, I am that old), I can’t help but wonder: how can some people go away on a long vacation knowing that a cyberattack, ransomware incident, accidental deletion, or infrastructure failure could happen at any moment? Especially when they know they are not fully protected!
What’s fascinating, and also quite perplexing, is that almost every IT leader who leads the security, compliance or infrastructure department believes they are prepared and that going away is perfectly fine. I wonder if they know that the latest research from Foundry Research shows that 97% of organizations indicate they are confident in their backup and recovery strategy, and yet more than half of them (52%) have already experienced data loss from a cyberattack, nearly half have lost data through accidental deletion, and many require an average of nine (9) hours to fully recover from these episodes.
Most organizations and IT leaders have invested heavily in firewalls, endpoint protection, identity management, vulnerability scanners, SIEM platforms, and the list keeps growing, which creates a feeling of being protected and ready. But when something actually goes wrong, another reality emerges, and often quite late they find that virtual machines aren’t fully protected, containers have no backup strategy, endpoints are only partially covered, and recovery procedures haven’t been tested recently. This situation is quite similar to building a house with reinforced steel doors while leaving half the windows open. Quite scary if you think about it, isn’t it?
One of the key problems I find is that organizations treat backup as an insurance policy rather than a business continuity strategy. Sure, you want to say you were “prepared to face a challenge,” but you never focused on ensuring the solution could keep your business going while recovering. These are two completely different scenarios.
Real cyber resilience means much more than having copies of your data or having a process to manage your devices; it means knowing that your recovery points haven’t been compromised, detecting anomalies before corrupted data is restored, validating data integrity, orchestrating recovery across hybrid environments, protecting SaaS applications, securing endpoints, managing long-term archives, and proving compliance when regulators or insurers come knocking, and doing all this while your business keeps moving. In a nutshell, having a cyber-resilient strategy means being ready to protect, defend and recover. Yes, also recover, which means you must have a plan that allows you to continue doing business while managing the impact of an attack.
And that’s what brings me back to those long European vacations. I genuinely admire IT leaders who can disconnect for weeks and enjoy time with their families without constantly refreshing their phones or checking the latest security alerts, because they know they have indeed done their work and are prepared for the worst-case scenario. To those who have done the work: very well deserved, and by all means, I hope you are having a fantastic time. But to those who still rely on traditional data and backup practices or believe cyber resilience is just a buzzword… I don’t know how you can get away with not being prepared for the reality of this new world. Remember, cybercriminals don’t take summer holidays. Ransomware groups don’t pause operations in July or August. They simply look for organizations that are confident enough to believe “it won’t happen to us.”
So as summer arrives, I sincerely hope every IT professional gets the opportunity to unplug, spend time with loved ones, and enjoy a well-earned vacation. But I hope they do it knowing their business is protected by more than optimism. And if for some reason they have any doubt, I would recommend some additional reading here.