Close this search box.

Is it time to address your cybersecurity balance to deliver greater focus on recovery?

Protecting your critical business data from cyber threats is more important now than ever. With the rise of ransomware and other cyberattacks, it could be time to address your cybersecurity balance. The National Institute of Standards (NIST) Cybersecurity Framework offers a comprehensive assessment model for companies to evaluate their cybersecurity posture based upon 5 core functions; 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover. NIST recommend a balanced investment across all five functions, however, cybersecurity assessments often reveal that companies are investing 85% of their cybersecurity budget on functions 1 through 3 leaving only 15% for Respond and Recovery procedures. If we analyse the current top cybersecurity threats, it becomes clear that having solid recovery tools and processes in place is vital for all organizations.

Introduction: Why It's Urgent to Address Your Cybersecurity Balance

There is no doubt that cybersecurity tools designed to Identify, Protect and Detect cyber threats are very important, but if we consider the range of threats common today it becomes clear that a cyber attack which can circumnavigate early detection will become a reality for most organizations. In these cases, a system recovery solution that can restore vital business systems and application data to a known clean point in time is vital to prevent lost revenue, maintain customer service, and avoid paying extortionate ransomware demands. Let’s now consider 6 common threat categories and their likelihood of evading early detection.
    1. Social Engineering. Social engineering persists as one of the most dangerous hacking methods utilized by cybercriminals, primarily because it exploits human mistakes rather than technical weaknesses. This heightened danger stems from the fact that deceiving a human is considerably simpler than breaching a security system. In 2023, social engineering tactics have featured prominently as a primary means of acquiring employee data and credentials. High profile cases such as the attack on MGM Resorts International where MGM’s hotel and casino operations were disrupted for several days resulting in losses of over $100 million is just one such example. Over 75% of targeted cyberattacks start with an email, phishing is one of the top causes of data breaches, followed use of any credentials successfully stolen. If cybercriminals have obtained employee credentials their actions can remain undetected until they are in a very strong position to present ransom demands. A solid recovery solution then becomes your only line of defense.

    2. Third-partly exposure. Cyber attackers can bypass security systems by infiltrating less-secured networks of third-party entities that hold privileged access to the primary target of the hacker. A significant instance of such a third-party breach occurred in early 2021 when hackers exposed personal information from more than 214 million accounts on Facebook, Instagram, and Linkedin. The hackers gained access to this data by compromising a third-party contractor named Socialarks, which was engaged by all three companies and held privileged access to their networks.

    3. Configuration Errors. Configuration errors can pose a significant cybersecurity threat. Configuration errors occur when settings or configurations of software, hardware, or network components are improperly configured, leaving vulnerabilities that attackers can exploit. These errors may result from oversight, misconfigurations, or lack of adherence to security best practices. A 2019 study by the Ponemon Institute Research Report Sponsored by AttackIQ revealed that 50% of IT professionals acknowledge a lack of understanding regarding the effectiveness of the cybersecurity tools they have implemented. This indicates that a significant portion of IT experts may not be consistently conducting internal testing and maintenance of their cybersecurity measures. Again, configuration errors leave the gates wide open with system recovery the only option for a successful resolution.

    4. Poor Cyber Hygiene. Poor cyber hygiene refers to the lack of good practices and behaviors related to online security. It involves neglecting fundamental steps and precautions that individuals or organizations should take to protect their digital assets and data. The possibilities for bad practice are wide ranging but common indicators of poor cyber hygiene include:

      Weak Passwords: Using easily guessable passwords or reusing passwords across multiple accounts without regular updates.

      Outdated Software: Failing to regularly update operating systems, applications, and security software, leaving vulnerabilities unpatched.

      Lack of Security Software: Not having antivirus or anti-malware software installed, or not keeping it up to date.

      Unsecured Networks: Using unsecured Wi-Fi networks without encryption or using default router credentials.

      Clicking on Suspicious Links: Falling for phishing attacks by clicking on links or opening attachments from unknown or suspicious sources.

      Ignoring Software Updates: Disregarding prompts to update software or delaying updates, leaving systems exposed to known vulnerabilities.

      No Data Backups: Neglecting to regularly back up important data, making it vulnerable to loss in case of ransomware or hardware failure.

      Sharing Sensitive Information: Sharing personal or sensitive information online without considering privacy settings or the security of the platform.

      Using Unauthorized Software: Installing and using unapproved or unauthorized software, which may contain security risks.

      No Employee Training: Failing to educate employees or users about cybersecurity best practices, making them more susceptible to social engineering attacks.

      Poor Access Controls: Allowing excessive user privileges, not implementing the principle of least privilege, and not revoking access promptly for former employees.

      Neglecting Physical Security: Ignoring physical security measures for devices, such as leaving computers or mobile devices unattended in public spaces.

The list above serves to highlight the vast range of human factor vulnerabilities that can be classified as poor cyber hygiene, all of which have the potential of bypassing investments in tools related to functions 1 to 3 of the NIST Cybersecurity Framework.

    1. Cloud Vulnerabilities. A recent Forbes article sharing research from Oracle states that 98% of enterprises using public cloud have adopted a multi-cloud infrastructure provider strategy. A multi-cloud strategy offers several benefits such as removing single points of failure and preventing vendor lock-in, however, leveraging multiple cloud vendors widens the attack surface to the risk of security flaws and vulnerabilities. Forbes recommend that companies utilizing the cloud for infrastructure services pay particular attention to the following 5 threats:


      1. Unauthorized Access could go unnoticed.
      2. Distributed Denial of Service (DDoS) may strike.
      3. APIs and Applications are increasingly unsecure.
      4. Attacks can result in data loss.
      5. Insider Threats need to be taken seriously.


Protecting cloud service data and applications with system replication and/or system recovery tools is therefore vital for companies taking advantage of a multi-cloud hosting strategy.

  1. Remote working and mobile device vulnerabilities. Mobile device vulnerabilities have been exacerbated by the increase in remote working following the Covid-19 pandemic which led to an uptick in companies implementing bring-your-own-device policies. This widespread use of mobile devices has increased cyber risk for companies. Several factors contribute to this heightened risk:

    Mobile Malware: The prevalence of mobile malware has risen, targeting vulnerabilities in mobile operating systems and applications. Malicious apps, phishing attacks, and other mobile-specific threats can compromise sensitive corporate information.

    Bring Your Own Device (BYOD): The BYOD trend, where employees use their personal devices for work-related tasks, introduces additional challenges. Personal devices may lack the same security measures as company-issued devices, potentially exposing corporate networks to security risks.

    Data Leakage: Mobile devices are susceptible to data leakage through unauthorized access, especially if employees store sensitive information on their devices. Lost or stolen mobile devices can result in the exposure of confidential data.

    Unsecure Wi-Fi Networks: Mobile devices often connect to various Wi-Fi networks, some of which may be unsecure. This exposes devices to the risk of man-in-the-middle attacks, where attackers intercept and manipulate communication between the device and the network.

    Insufficient Security Measures: Some users may not adequately secure their mobile devices. This includes weak passwords, lack of device encryption, and the absence of security updates, making devices more vulnerable to exploitation.

    Phishing Attacks: Mobile devices are targets for phishing attacks, where users may be tricked into revealing sensitive information or downloading malicious content through deceptive messages or emails.

    Third-Party App Risks: Employees often download third-party apps, and some of these apps may have security vulnerabilities or contain malware. The use of unapproved apps can introduce risks to the corporate network.

    Limited Visibility and Control:: Companies may face challenges in monitoring and controlling mobile devices, especially when employees use personal devices for work purposes. This limited visibility can make it harder to detect and respond to security incidents.


To mitigate these risks, companies should implement robust mobile security policies, including the use of mobile device management (MDM) solutions, enforce security best practices, provide employee training on mobile security awareness, and regularly update and patch mobile devices. Additionally, companies should consider implementing a comprehensive cybersecurity strategy that accounts for the evolving threat landscape associated with mobile devices.

Conclusion: Investment in System Recovery tools should carry equal weight within any cybersecurity strategy.

Our summary illustrates that many vulnerabilities could bypass functions 1, 2 and 3 of the NIST Cybersecurity Framework, hence the NIST recommendation for all organizations to balance their cybersecurity investments equally across all 5 functions. Cybercrime reaches the periphery of every organization daily to the point that it is not a question of if an attack will occur, it is a question of when that attack will take place. Having robust system recovery tools and procedures in place is your ultimate line of defense following any cyberattack. If you need to address your balance of investments in system recovery, contact the Cristie Software team who are always available to advise on the best practices to secure your vital business systems and data.

Image by Freepik

Contact Us

Thank you for contacting us. We have received your request.