insider threats

What Is a Disaster Recovery Test and Why Should You Care?


Stephen King said it: “There’s no harm in hoping for the best as long as you’re prepared for the worst.” With 2,244 cyber attacks happening every day—that is one attack every 39 seconds somewhere on the Internet!—there is no guarantee that your business will be overlooked by the hustling hackers.


Cybersecurity has three pillars: 

  1. Prevention
  2. Mitigation
  3. Recovery


The latter step—Recovery—is most frequently neglected in companies’ IT strategies by both internal IT management and MSPs (managed service providers). Of course, you can build digital walls and moats with firewalls, encryption, and personnel training (take a look at our Ultimate Checklist for Securing Your Company Data). You can mitigate the attack and minimize its spread with centralized patching, sandboxing, and other techniques. 


However, those advanced hackers who can penetrate your best defences can cause you the most harm, including stealing your data, putting a ransom on accessing your data and systems, and compromising your business integrity. Which is why it is imperative that you are able to answer the question,



How quickly can I  bring my business back online after an attack? 


Disaster Recovery Planning


At 3nom, we call disaster recovery tests Fire Drills. This fits, because a disaster recovery test is the first step in collecting information about the gaps in your recovery strategy and protocols. It also helps all actors plan and prepare to take necessary actions when the attack strikes. 


Fire Drill simulates a cyber attack and highlights the most vulnerable areas, the breads of impact, and the actions that should be taken to stop the attack and recover the data. 


Fire Drill is the first step in your disaster recovery planning, that allows you to baseline the status quo or point A. Once you have it, you can map out activities that will take you to point B. 


3nom CTO Avrohom Liberman explains: “You also want to define the end state, or point B. We operate within the framework of “five nines of vulnerability.” How many “nines” of resilience do you need for your business? 90% recovery rate, or one “nine,” may mean you can be down for one month per year. For some businesses, that is perfectly acceptable. For others, only 99.999% recovery rate will suffice. With each “nine,” you add another layer of resilience.” 


Once you know your points A and B, it is worth investing time to set priorities. For some businesses, such as law and accounting, the most critical aspect of disaster recovery is restoring access to the cloud, while you may have more leeway with your own servers. In other cases, such as the ecommerce, manufacturing, and airlines, continuity of business processes is top priority. Determining where you fall on the spectrum will help you understand which gaps to close first and where to allocate the IT security budget.  


Speaking of budget, getting a better understanding of how much a cyber attack may cost your business may give you a solid ballpark for your ideal disaster recovery budget. Submit the Cyber Attack Cost Calculator 2021 form below to get your custom estimate from cybersecurity experts at 3nom. 


Finally, once you have these piece of data, you can work with your IT department or an MSP to develop a custom disaster recovery strategy that accounts for your business’s unique strengths and weaknesses. 


Disaster Recovery Planning Steps

  1. Schedule a Fire Drill (Disaster Recovery Test) 
  2. Identify security and recovery gaps
  3. Calculate the potential impact of a cyber attack on your business
  4. Determine  how many “nines” of resilience you need for your business
  5. Set your recovery priorities 
  6. Set your disaster recovery budget

Are you ready to take the first step in your disaster recovery planning and schedule a Fire Drill? Start with a free 30-minute consultation with 3nom here: https://calendly.com/abesasson/30min?month=2021-08.

Improve Your Productivity

Subscribe to learn more