Is your business protected from losing all its data? Are you fully backed-up and prepared against data loss and data theft?
How recoverable is your critical data? Are you covered across all devices, from the cloud through to a device such as a network attached storage? World Backup Day on March 31st places the focus on these key questions and today’s protection imperative encouraging individuals, families, and organizations alike to ‘take the pledge’ and backup their important documents, files, and data. It is perhaps then no wonder that World Backup Day has over 72,000 publications and mentions in media all over the world – this is something that impacts every single one of us.
And while the #WORLDBACKUPDAY focus is highlighted once a year, it has never been more important to make data protection and recoverability a 360-degree whole year commitment, baked in by design into our personal and professional practices. Backup can no longer be an afterthought or reactive behavior to an issue – it must be a proactive and integral part of an organization’s overall security posture. This is something I had the pleasure to discuss with Jack Bailey, Director of Sales & Channel Enablement at iland, an 11:11 Systems company, and global leader in managed infrastructure solutions provision across cloud, connectivity and systems. Here are our collective thoughts on what has changed and how to get ahead.
Lessons Learnt: Recent Ransomware and Cybersecurity Events
Cybersecurity attacks are more pervasive than ever, with multiple change drivers coming to the fore over the last year including the rise in the value of data, the IoT device explosion and growth of the API economy, an acceleration in multi-cloud adoption and cloud-native applications, increased technology and IT/OT convergence, and the rise of hybrid decentralized working and Bring/Choose Your Own Device.
In combination, cyber threats have fast become more complex, converged, and sophisticated. Examples include bad actor collaboration, Supply Chain, IoT and Small to Medium Business vulnerabilities, device hacking, phishing, attacks right across the DoS, DDoS, SaaS platform, MitM and Log4j spectrum and notably the rising risk of ransomware. A ransomware event is projected to occur every 11 seconds in 2022, with 83% of these successful ransomware attacks employing alternative extortion methods such as using stolen data to extort customers (Venafi) and backups being specifically targeted. Putting this all into context, the average ransom payment today has now reached an eyewatering $1.79 million (Cloudstrike).
‘Security threat actors are continually evolving their attack approaches to make them more impactful, including the coming together of cyber-criminal gangs with increasingly complex and professional tactics. We must respond in kind as a sector and as organizations and individuals – this requires a 4 Pillar focus on Technology, Culture, Processes and Skills’.
Dr Sally Eaves, Chair of Global Cyber Trust, Global Foundation of Cyber Studies and Research
As highlighted above, I believe the key lesson from this conflation of threats is the need to focus on security protection holistically across the Four Pillars of Technology, Culture, Processes and Skills. No gaps can be left behind. For example, in respect to data we have seen some critical types sometimes overlooked (Github 2021). With security increasingly shifting left or in other words earlier into the development lifecycle, it is key to consider code as intellectual property and back up your devops processes, repositories, servers and metadata too.
Equally, education and awareness gaps persist. As an example, a key challenge facing SMBs is confusion around shared responsibility models and clarity around what security duties are handled by their cloud service provider and which belong to the organization itself as a user (Eaves 2022). Backup plays an important role in addressing these lessons across the four pillars, especially facing the growing threat of ransomware targeting backups directly, and organizations having inadequate backup and recovery processes in place. Recent research reflecting that less than half of ransomware victims were able to successfully restore their systems (CyberEdge) puts this into sharp focus – but this is something that can be overcome:
‘More than ever, having an air-gapped/hardened backup target has become a must-have. Many ransomware varieties or malicious processes will attempt to delete or encrypt backup data. Ensuring your organization’s backups are protected from those threats is an absolute necessity’ Jack Bailey, Director of Sales & Channel Enablement at iland
Future Proofing Protection: Evolving Ways of Work
Ensuring reliable backup will become ever more critical for organizations to expediently leverage their mission critical restorations, with BaaS growth understandably predicted to more than double in the next three years (iland). And this is brought to the fore when we focus further on one of the key drivers of change – the evolution of ‘the office’. As identified by new Morgan Lovell research, an illuminating ‘87% of workers believe their workplace needs to change substantially after covid’. These are trends set to stay!
Indeed, we are seeing the blending of Space, Place and Pace giving rise to Workplace 4.0 and the brand new concept of the physical ‘Collaboratory’ space (Eaves and Mitel 2022) accessed for specific activities whilst other tasks are conducted remotely. This reflects the current transition to hybrid or remote working models for the long-term and seeks to balance decentralized WFH/WFA activities with physical office space for collaborative, interactive and social hub activities alongside dedicated quiet spaces, and all empowered by a focus on the three pillars of technology, sustainability and wellbeing.
Organizations of any size need to be able prevent security risks and recover quickly if they occur, so backup affords a vital role in the security strategy of actualizing the work from anywhere model – from our home, when on the move and when in ‘the Collaboratory’ and all often using devices that well may be our own. As discussed with Jack Bailey, Director of Sales & Channel Enablement at iland, this means developing a security strategy that consists of both “protecting” and “recovering” data and applications. Customers need to be able to continually and easily monitor and remediate risks along with the ability to restore and recover on-site, or perform recovery to the cloud as well as connect in a secure and seamless manner – from anywhere.
So as organizations shift towards a hybrid or remote workforce this means three things:
1. Critical data is in more locations and needs to be protected wherever it is.
2. Given human error is a great cause of data loss and access, the risks to data increase. Having a strong backup strategy in place is even more necessary.
3. This must be supported by investment in education and training at all levels of the organization including within non tech facing roles.
Read the original article on the site of BBN Times.