From Natural Disasters to Cyberattacks: A 5-Step IT Resilience Plan
Puneet Kumar, CTO, Dyninno India
With external disruptions becoming increasingly common, prioritizing IT resilience is not merely a strategic move but a necessity for business survival and growth. From natural disasters such as earthquakes and floods to cyberattacks that can cripple an entire IT infrastructure, the threats are real and ever-present. Thus, it is paramount for businesses to have a plan in place to ensure the continuity of their IT operations in the face of such disruptions.
Unexpected DDoS attacks serve as a stark reminder of the cyber threats lurking in the digital realm. For instance, a new Distributed Denial-of-Service (DDoS) attack technique targeting the HTTP/2 protocol emerged in September 2023, impacting internet exposed HTTP/2 endpoints. The DDoS threat landscape continued to evolve with an alarming escalation in attack sophistication, as seen in the exploitation of Mitel vulnerabilities. Moreover, Cloudflare detected unusually large HTTP attacks peaking at 200+ million requests per second in August 20233. Notably, a major DDoS attack aimed at a US bank peaked at 55+ million packets per second in September 2023, emphasizing the dire possible financial consequences such attacks may have.
The attack on the All India Institute of Medical Sciences in November last year exposed around 40 million patient data, illustrating the broad spectrum of cyber threats faced by public and private entities alike.
A well-crafted IT resilience plan is not just about recovering from setbacks but proactively preparing for them. Without such a plan, businesses risk significant financial and reputational damage.
Here is a quick outline how to craft a comprehensive IT resilience plan that ensures continuity, irrespective of external disruptions:
- Foster a Collaborative Planning Process
The planning process should be collaborative, involving technological leadership like CIOs and CTOs who provide strategic direction. Operational workforce members, such as developers, leads, and managers, understand the day-to-day challenges and can offer practical solutions. Stakeholders from other departments, such as HR, PR, and finance, ensure all aspects of the business are considered.
2. Understand the Organization’s Critical IT Assets
It’s crucial to have a clear understanding of the organization’s critical IT assets and processes. This will help ensure that the resilience plan focuses on the most vital areas. All systems are important, of course, but they should be prioritized based on their significance to the business’s operations.
3. Embrace Adaptability and Redundancy
Resilience in IT is about adaptability and redundancy. It’s essential to build redundancy into IT systems and infrastructure, implement disaster recovery and business continuity plans, and train employees on how to respond to disruptions. Additionally, products should be hosted in the cloud with multi-AZ (Availability Zones) deployment. This ensures that services remain available even if one data center or region faces challenges — from weather events to overzealous governments. For instance, Netflix utilizes a multi-cloud deployment strategy to ensure service availability. They use Spinnaker for cloud deployment and leverage multiple AWS cloud regions to dynamically shift and expand their global infrastructure capacity. This approach guarantees that work is not disrupted by unforeseen events affecting a specific location.
4. Choose Reputable Cloud Providers
Opt for reputable cloud providers such as Amazon Web Services, Google Cloud, or Microsoft Azure for product hosting. They offer advanced security and redundancy features that are invaluable in ensuring IT resilience and make step no. 3 much easier to implement. During the surge in usage due to the pandemic, Zoom expanded its relationship with AWS to ensure low latency and continuous delivery of new features, enhancing the user experience.
5. Communicate Transparently and Openly
While not everyone may grasp the bigger picture, it is the organization’s responsibility to communicate transparently and openly with all stakeholders. Transparency is key, as it provides clarity and sets priorities — both essential in times of crisis. Including a communication component that outlines how the organization will communicate with employees and customers in case of disruption is vital. Microsoft has a protocol for communication during service outages, which includes promptly making leadership fully aware of the outage, providing support for troubleshooting, and communicating with all staff about the issue.
IT resilience goes beyond just technology. It’s about fostering a culture where teams are prepared and empowered to adapt to challenges.
By crafting a comprehensive IT resilience plan, businesses can navigate the challenges of the modern world and ensure their continued success. However, no system is impenetrable. The key is to always be vigilant, educate oneself on the latest trends, and regularly test and update the crafted IT resilience plan to ensure it remains relevant and effective against evolving threats.
Puneet Kumar oversees IT operations for the Dyninno Group in India. A seasoned tech professional, Puneet has been building engineering teams from the ground up for over two decades. He has vast experience in leading tech teams spanning Web development, Backend, Frontend, Mobility, infrastructure, and support.
Dyninno is a group of companies providing products and services in the travel, finance, entertainment, and technology sectors in 50+ countries.
It was founded in 2004 in San Francisco by Alex Weinstein. Today, 5,100 professionals work in the company around the world. Our offices are located in the USA, Canada, Brazil, Colombia, India, the UAE, the Philippines, Egypt, Uzbekistan, Italy, the Netherlands, the UK, Moldova, Romania, Latvia, Cyprus, Malta, and Turkey.
