World Backup Day: think like a cybercriminal

If you were to sit down and reflect on the amount of data the average person accumulates over a 12-month period, the results would be astonishing. From a business perspective, this digital footprint is even more extensive, spanning various platforms to form an exhaustive digital map that must be expertly managed by IT managers.

However, with the option for remote working and the fast-changing nature of the current cyber landscape, data security for businesses has become an even more serious issue. In fact, research from Veritas reveals that nearly two-thirds (63%) of local IT leaders recognise gaps in their data protection strategy.

World Backup Day can serve as a powerful reminder that there isn’t a more critical time than right now for organisations to prioritise robust data protection strategies amid the changing landscape of privacy regulations. It is paramount for companies to do so, not only because of brand damage but also to avoid what are now very severe penalties.

Australian businesses must start looking at their data footprint through the lens of cybercriminals if they are to effectively protect themselves from the evolving threat landscape. This means understanding your data footprint and ensuring multiple backups are in place to limit lost access to critical information and ensure business continuity. But where do IT leaders begin?

Is multi-cloud the answer for secure data?

While multi-cloud adoption is delivering big benefits to enterprises around the globe in enhancing data protection, including improved resiliency and agility, the unfortunate reality is, bad actors are successfully making their ransomware attacks even more impactful by targeting cloud services and data.

Eighty-seven per cent of Australian organisations revealed they have experienced a ransomware attack on their cloud environments. In cases where devices are hacked or information is deleted and this data has never been backed up, it’s lost forever.

Regardless, cloud adoption isn’t showing any sign of slowing down either, with cloud computing spending in Australia predicted to reach more than $25 billion by 2025.

Despite this ongoing growth, there are a number of misconceptions about the cloud, creating a whole new world of data management challenges, such as unexpected costs, operational complexity and increased vulnerability to ransomware threats.

Recent research from Veritas found that 99% of Australian enterprises are significantly overspending on their cloud budgets by an average of 50% when using a public cloud service provider.

Not only that, half of Aussie office workers (50%) have admitted to accidentally deleting shared data such as Word documents, presentations or spreadsheets, with 43% believing data in the cloud is safer from ransomware because they assume their cloud providers are protecting it.

This misunderstanding around the cloud responsibility model means that many companies are unlikely to factor in the requirement for third-party data protection and are leaving their critical data vulnerable. Most cloud providers only provide a guarantee of the resiliency of their service, making it clear that the customer’s data is their own responsibility to protect.

So what steps can organisations take to avoid exposing data to inconsistent backup and network protection?

Your digital checklist this World Backup Day

1. Begin the backup by organising data into categories and getting rid of duplicates. Organisations should implement comprehensive classification systems to understand the kinds of data they have, where and how it should be stored and for how long. Organisations can also reduce their attack surfaces by establishing policies, technologies and auditing procedures designed to address this.
2. Double down on backup. While organisations are aware of the need for security of centralised data centres, access points often remain vulnerable. Each device with access to critical data needs to be backed up and protected, just as effectively as the data centres themselves. This includes implementing regular and scheduled backups, which should include encryption of both online and offline copies to ensure maximum protection of your business's data.
3. Don’t just rely on the cloud. As part of their standard service, most CSPs only provide an uptime guarantee of their service, not comprehensive cloud data protection with guarantees. The same rules apply to your cloud data that apply to all your other data: you must assess, categorise, protect and recover it. Never just assume someone else is doing that for you. The easiest way to accomplish this is to ensure that the enterprise data protection capabilities you expect and use today can be extended to hybrid cloud and cloud-native.
4. Implement automation for secure and cost-effective backup and recovery. Enterprises are dealing with an unprecedented quantity and variety of workloads and data that they need to manage. AI-based methodologies and technologies that automate provisioning, lifecycle optimisation and smart usage of resources like storage are necessary to keep up with these challenges, and they free up IT staff to focus on more strategic and transformational activities.
    

No company wants to face brand damage and loss of market capitalisation like what we have seen recently in Australia. Likewise, no CIO or CISO wants to be questioned by the board on a lack of visibility or failed response to a data breach. 

Leaders must work with their IT teams to take the necessary steps now to implement the right tools and protocols that can autonomously self-provision, self-optimise and self-heal data management services to keep their critical data safe and available no matter where it is — from edge to core to cloud.

Image credit: iStock.com/8vFanI