Microsoft says every enterprise should have a plan for when cybersecurity fails

No matter how good it is, enterprise cybersecurity is doomed to fail. Every enterprise should have a business continuity plan in place for when it does.


Every business enterprise using information technology and benefiting from the networking power of the internet, regardless of industry or size, has a major headache to contend with that can't be ignored or avoided: security. More specifically, cybersecurity.

Data is more vital to the modern enterprise than ever before, and protecting it from malefactors is the highest priority. Unfortunately, there are still too many enterprises in the world today that do not seem to understand this new reality.

Incidents of security breaches and stolen customer information make new headlines on an almost weekly basis, yet organizations are continually caught off guard by malicious criminal elements intent on stealing their data. If your enterprise does not have a strong, practical, and enforceable business continuity and disaster response (BCDR) plan in place, it is asking for serious trouble.

As a major component of IT infrastructures for many enterprises, Microsoft is well aware of its role in providing cybersecurity solutions to its customers. The company has inserted numerous safeguards, protocols, and technologies into its software and services to help businesses protect data from unauthorized access. But Microsoft knows that is not enough--enterprises must not only have a plan to prevent security breaches but also one to keep the business up and running after a security breach occurs.




Business continuity

As of June 2017, according to the Internet World Stats organization, there are more than 3.8 billion internet users worldwide. That means there are potentially more than 3.8 billion ways for malicious criminals to get unauthorized access to someone's data. Even for a large enterprise with extensive assets, that is an impossible attack surface to completely defend. Breaches are going to happen, data will be stolen, and downtime will occur.

A report from Gartner suggests that the average cost of downtime for enterprises located in the United States is $5,600 per minute, which adds up to more than $300,000 per hour. Not many enterprises can absorb that much lost productivity for any significant amount of time and survive.

The only viable option is to have a business continuity and disaster response plan in place. In a blog post by Ann Johnson, vice president, Enterprise Cybersecurity Group, Microsoft suggests a framework based on people, processes, and the cloud. With the cybersecurity protocols already implemented in Azure, Office 365, and the intelligent cloud, Microsoft believes it has established a base framework that companies can use to develop and implement a viable cyber resilience plan.


Bottom line



Security breaches of IT infrastructures are inevitable for every enterprise, or at least they should be assumed to be. Invariably, the security of any information technology system is dependent on people, which means those systems are inherently insecure and vulnerable to a multitude of attack vectors. This is just the reality of the situation.

While the security protocols designed into Microsoft's software and services certainly help, they will never be enough to overcome the risk associated with people accessing the system. Since security breaches are inevitable, it only makes sense for enterprises to have robust BCDR plans, particularly plans that emphasize personnel training and security education.

Regardless of whether that involves Microsoft, when it comes to cybersecurity and business continuity, enterprises should plan for the worst-case scenario while working to create the best-case scenario.


By Mark Kaelin

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to,, and TechRepublic.