The last few years has seen both an explosion in the amount of data companies are collecting and also an increase in the level of public understanding about the value and vulnerability of their data and the need for its protection.
All of this of course has caught the attention of cyber-criminals who are now searching for increasingly sophisticated methods to gain access to data. Today companies face increasing pressure from regulators and the marketplace as a whole to improve how they collect, use, store and delete personal information, and how they manage data privacy.
More data but companies are struggling to find ways to store it, protect it and use it.
According to the 2021 Dell ‘Global Data Protection Index’, a survey of 1,000 global IT decision makers, companies are on average managing ten times more data than they did in 2016. This is a huge increase in the amount of information entering companies. This offers opportunities to gain real insight into customers and business practices, which enables companies to have a proper understanding of how data can play an important role in future growth.
However, too much data creates a whole host of problems including:
Cost: the more data you have, the more it costs to store it.
Reduced effectiveness: When a company has a large amount of data it becomes much harder to process and identify the key data that might result in growth. Compliance: More data doesn’t necessarily equate to more insight, and actually the ‘keep everything’ approach that many companies have followed now violates some of the new data regulations. With data protection agencies now fully enforcing GDPR with huge fines, companies have to be aware of what data they have, where it sits and how they use it. Security: the more data a company has, the more difficult it is to secure and the greater the potential risk of a security breach
Cybercriminals are finding increasingly sophisticated ways of gaining access to this data, selling it or holding it to ransom. This causes considerable problems for companies who suffer data loss, damage to their reputation and potentially huge regulatory fines.
With so much more data residing within companies and cybercriminals determined and increasingly able to steal it, Dell’s ‘Global Protection Index’ highlighted a disturbing admission from a majority of the companies it spoke to.
62% fear that their existing data protection measures may not be sufficient to cope with cyber threats,
67% of organisations lack confidence that all business-critical data can be recovered in the event of a destructive cyberattack.
74% agree that the increase in employees working from home had increased their exposure to data loss.
These statistics highlight what we have seen over the past few months. As cybercrime has increased in regularity and sophistication, most businesses have been unable to keep up and as a result there has been a significant increase in successful attacks.
Another significant finding was that 82% of organisations believe that their existing data protection measures won’t be able to meet all future business needs. While it is good that companies are recognising that they cannot stay still with their data protection, it seems that most don’t know where to turn next to resolve the issue.
It could be that they are looking for the wrong solutions, focusing just on traditional cyber defences. Cyber defence tends to be one step behind cybercriminals. No matter how high you build your defensive walls, cybercriminals will always find a way over the top to get at your data.
Indeed, cybercriminals are not just looking to get over the top of cyber defences, but through the backdoor. The past two years have seen a real increase in the number of attacks on organisations that have not originated with the organisation itself, but one of their partners. Attacks through the supply chain are an increasingly popular route for cybercriminals which means companies need to get a 360-degree view of potential vulnerabilities across their network.
While it’s important to have defences in place, looking at ways of protecting data that sit alongside cyber defence will be key for those worrying about future business needs.
Cyber resilience is key, not just cyber defence
Increasing your levels of cyber resilience will be critical in securing data. The connectivity of modern systems means that once criminals have gained access to them, they can access vast amounts of data relatively easily. This often includes any data that a company has backed up immediately rendering any disaster recovery plans are immediately negated.
The key then, is to back-up data in a completely separated system, meaning that if a cybercriminal does gain access, back-up data is safe. This is where air gaps play a critical role. Placing data in systems, that are completely separated from the rest of the infrastructure, means that it is impossible for cybercriminals to get their hands on it.
This level of cyber resilience means that data is in a fully isolated, highly secure and air-gapped vault. Even if the worst happens and a breach impacts a company and its data back-ups, criminals are unable to get hold of the air-gapped data and advanced workflows and tools will enable companies to recover quickly and securely.
Boost data protection through zero-trust
Another aspect of increasing cyber resilience within organisations is implementing a zero-trust approach. Zero-trust is exactly as it sounds. It is a security framework that requires all users (whether they are in or outside an organisation’s network) to be continually authenticated, authorised and validated before they are allowed near or access to data.
By taking a zero-trust approach, companies can be sure that some of the most sophisticated methods cybercriminals are now using can be successfully identified and dealt with. It means that employees are constantly on the lookout for suspicious activity and ensures that a culture of good cybersecurity practice is implemented throughout a business.
This approach means that cybercriminals don’t just have to get through the cyber defences but also a human wall and technology that are both running a zero-trust policy. By taking this holistic approach to cybersecurity companies can apply layered security to every user, device, application, database and access point. It also provides a clear view of present and future risk, often using Artificial Intelligence (AI) to triage threats
Perhaps most importantly, it does all of this while balancing risk and productivity. It allows a company to continue operating, but wraps layered proactive AI-powered security around every user and every element inside its infrastructure.
It is clear that cybercriminals are increasing the regularity and sophistication of their attacks. Companies are aware of the increased threat but have reached a point when continuous spending on cyber defences, although important, no longer keeps criminals at bay. Therefore finding new ways of protecting data and making it harder for the cybercriminal to gain access to it is crucial.
Increased cyber resilience with air-gap, siloed back-ups along with a zero-trust approach will help companies increase their security, protect their data and have a more future-proofed solution in place to deal with an ever-increasing threat.