Across every industry, cyberattacks are on the rise—wreaking havoc on day-to-day life by disrupting the flow of products and services to consumers, bringing businesses to a standstill, and threatening public safety. Justifying the time and resources to ensure a cyber-first business recovery plan might be difficult for organizations that have yet to experience an attack.
But as more cyberattacks make the headlines and the cost of ransom payments and cyber insurance soars, business leaders need to prioritize developing a tested cyber-first business recovery plan. The first step is securing Active Directory, the core identity store for most businesses worldwide.
Active Directory is the prime entry point for cybercriminals: Mandiant reported that 90% of the attacks their team investigates involve Active Directory—either as the initial attack vector or the gateway to elevated privileges. The vast majority of cyberattacks in the last year—including the massive SolarWinds breach—involved compromised identity credentials.
Companies that have experienced the nightmare of a cyberattack learn quickly that every minute counts when a breach is in progress. And although IT teams and business leaders might be tempted to simply get the business running again as quickly as possible, failure to properly restore Active Directory can lead to a second attack—often employing the same tactics that worked the first time.
The question is not how an organization can afford to invest time and resources in ensuring a quick, cyber-first Active Directory plan. The question is how it can afford not to.