Building cyber resilience against ransomware
In association with Dell Technologies
Data has quickly become the lifeblood of every business and organisation in Ireland. However, living in a data-driven era comes with the risk of cyber-attacks, which now occur globally every 11 seconds.
It’s clear that many organisations are still struggling to implement an effective cyber resilient strategy, that protects their most valuable asset – their data.
While there’s no shortage of stats and projections which speak to the financial impacts and reputational damages resulting from a cyberattack, many reports fail to make an impression on those on the front lines tasked with protecting their organisations from ransomware and other sophisticated cyber threats.
The 2021 Dell Technologies Global Data Protection Index took the approach of surveying global IT decision makers to get a better understanding of how organisations are combatting increased data protection challenges and cyber resiliency threats.
Interestingly, the survey revealed organisations in Ireland and around the world are continuing to make advancements in digital transformation despite a low-level of confidence with respect to their data protection readiness and their ability to recover from ransomware attacks.
It is something of a cruel irony that while data is universally regarded as the essential ingredient for driving innovation, it is also the most vulnerable asset within the IT estate. The proliferation of cyber threats, the growth of multi-cloud computing, the distribution of traditional and cloud-native workloads across edge, core and cloud environments and the emergence of newer technologies like AI/ML have converged to create a perfect storm of IT complexity. The increase of remote work has only exacerbated these challenges even further.
Consider just the following three data points from the GDPI research in the EMEA region:
- 83% agreed that their organisations’ data protection solutions won’t meet all future business challenges
- 70% agree their organisation has increased exposure to data loss from cyber threats with the growth of employees working from home
- 69% are not very confident that all business-critical data can be recovered in the event of a destructive cyber-attack.
Clearly, the complexity caused by the scope and scale of data protection and the attack surfaces for cyber threats is dramatically increasing. Ensuring cyber resiliency, a holistic strategy to identify, protect, detect, respond and recover from ransomware and other cyberattacks, for example, requires multiple layers of protection to ensure that critical data is protected and isolated from these attack surfaces. Within this protected framework, it can be recovered with confidence following a ransomware attack, to accelerate the restoration of normal business operations.
What’s more, most IT planners are not confident their current data protection solutions will meet all future challenges. Emerging technologies like AI/ML and IoT combined with the projected explosion of data volumes on the edge will present significant data protection challenges for businesses of all sizes. On the positive side, AI/ML can also be leveraged within modern security strategies and solutions and services to integrate security products, solutions together to provide a holistic and resilient approach to modern data protection and security.
For many, the complexity of protecting emerging technologies is only compounded when they have to resort to working with multiple data protection vendors to gain the cyber resiliency and data protection they need across hybrid, multi-cloud and edge environments. Unfortunately, this complexity often comes at a staggering cost; companies that rely on multiple data protection vendors experience a 66% increase in data loss compared to those working with a single vendor.
Where does cyber recovery fit into your data protection strategy?
While leaders in Ireland should be commended for investing in emerging technologies to drive digital transformation, they come with modern threats that can only be addressed with modern solutions.
Organisations need to adopt modern data protection solutions to keep up with the pace of their consumption of emerging technology. Traditional data protection is still needed, but as the GDPI illustrates, is inadequate and wasn’t designed to address these modern complexities and the emergent threats of ransomware and other attacks.
Cyber Recovery distinguishes itself from traditional backup and Disaster Recovery (DR) in several ways. It provides additional layers of physical and logical security at both the solution, system and data/file level to ensure critical data can be preserved with integrity, confidentiality and to ensure it is available when needed for recovery.
Cyber Recovery is focused on protecting and isolating critical data away from cyber threats and attack surfaces within a secure immutable data vault and then enabling the recovery of that data vault when and if necessary. Cyber Recovery goes beyond DR plans by addressing the cyber threat to critical data but at the same time complementing DR plans which protect against other outages.
Recovery from a destructive cyberattack solves for a different type of disaster and can be very different from recovery from a power outage, fire, flood or terrestrial event. Cyberattacks are typically not limited to a specific location so their impact can often be felt globally, even with traditional DR solutions in place. For this reason, logical segregation of infrastructure, along with physical separation, to limit the spread of malware and reduce the surface of attack is typically more effective than having regionally dispersed data centres.
Recovery procedures can be more involved and iterative due to additional forensics working with cyber security teams. That’s why adopting a fast and reliable recovery solution is critical to an organisations ability to get back on its feet and restore business continuity.
While ransomware and other forms of cyberterrorism may continue to wreak havoc on many, accepting defeat as a foregone conclusion is not the answer. Innovations in modern data protection and cyber recovery give reason for businesses and organisations of all sizes in Ireland to be optimistic about the future.
Helping Irish organisations to strengthen their cyber resilience will be one of the main topics of the Dell Technologies Forum which takes place virtually on November 3rd. IT leaders will have the opportunity to hear from industry leaders on how to develop an effective cyber resilience strategy and how to prioritise cyber security investments.
Register for your place for this free virtual event here and join the #DellTechForum conversation.
Tom Digan, cyber resilience director, Dell Technologies Ireland