“[They] accept that the likelihood of an attack happening will remain high despite the investment in preventative controls and that the most effective way to treat that residual risk is to reduce the impact by improving the organisation’s ability to recover,” he says.
Undertaking a “bare-metal” rebuild without being able to count on lights, phones or computer networks is not for the faint-hearted.
“It is somewhat of a lost art, given how resilient to faults technology systems have become over the past few decades,” Sayer says.
While risk mitigation is behind a lot of this activity, regulation is also motivating it.
In response to a surge in ransomware attacks, the government fast-tracked through Parliament regulatory amendments allowing it to assume control of critical infrastructure if a cyberattack threatens national security.
It is also introducing security obligations to new sectors – including banking and finance, communications, data storage and processing, defence, education and research, food and grocery, health, space, and transport. Dell is one of those companies captured by the expanded scope.
In the landscape beyond critical infrastructure entities, the…
