We All Must Become Data Protectionists
November 15, 2022

Simon Taylor

Data breaches cost US companies an average of $9.4 million — and by 2031, ransomware attacks will happen every two seconds. To address the scourge of cybercrime, we must all become data protectionists.

It's no longer strictly an enforcement issue, governmental concern or business data issue. Cybercriminals target vital organizations like healthcare, education and infrastructure, threatening our safety, and our lives. With each successful breach and ransom payment, hackers grow more emboldened and continue to wreak havoc. The honest effort to fight these global attacks needs to begin at the local level. With data as our most valuable and exploitable asset, all organizations must invest in protection, period. It's the foundation for backup and, ultimately, for recovery in the inevitable event of an attack where hackers hold data hostage.

To prepare effectively with today's IT solutions is challenging. Nearly two-thirds of business leaders lack full confidence in their legacy backup solutions — a sobering statistic. New companies, especially, face challenges instituting backup procedures. Established organizations typically have IT departments to manage cybersecurity, but many start-ups are cloud-native and lack the resources to hire dedicated IT staff. Contrary to popular belief, cloud services don't secure your data. Under the practiced cloud-sharing model, cloud services merely hold the data — it's up to you to protect it.

These three steps can protect your data regardless of your organization's size or age.

1. Be prepared to recover from breaches

Hackers are tenacious, making it crucial to create data protection processes. But you can't stop there. You must assess your preparedness by evaluating your data storage practices and recovery capabilities. In addition to a secure backup process, you must create and practice a step-by-step restoration strategy.

With that in mind — do everything you can to prevent a breach. Start with consistently updating software and hardware to patch known vulnerabilities. Maintain an inventory of devices connected to the network. Consider hiring a managed service provider to oversee data protection. Smaller or newer companies lacking the resources to do it themselves benefit especially from this service.

The other factor you can't neglect? People. More than 80% of data breaches involve a human element. To protect against these attacks, require multi-factor authentication for your data, limit access and password-sharing and train your employees to recognize common phishing, social engineering and other hacks and their associated risks.

We can't bury our heads in the sand. With ransomware as a service (RaaS) making hacking more accessible and the growing sophistication of attacks, no prevention strategy is fool-proof. That's where these next steps come in.

2. Back up data with the 3-2-1-1-0 rule

Backing up your data is a requirement. So what's the best way to do it? Observe the 3-2-1-1-0 rule. Back it up three times with two copies stored via different media or locations. Store at least one backup copy offsite or in the cloud and one totally offline. And you must ensure there are zero errors in your data by checking the backups daily to confirm they are storing the crucial data and immediately correcting any issues.

Just because you possess data copies doesn't guarantee you can restore damaged files. Backups are only as good as their recovery plans.

3. Prepare a ransomware recovery plan

When hackers demand — and companies pay — a ransom, there's no guarantee the hackers will release the data. Only 4% of companies that pay a ransom have all their information returned. Even if you do receive your data, the restoration process is tricky. It requires identifying and removing any compromised data and a thorough database inspection before using backups to restore and reset. Whether you pay a ransom or not, the recovery process is still complex and could cause excessive downtime and lost revenue. So how do you circumvent these challenges? Plan ahead.

It is important to note — a ransomware recovery plan is not the same as a disaster recovery plan. Unlike recovery from a natural disaster or human error, ransomware recovery is necessitated by a threat or criminal activity. The primary goal of a successful plan should focus on business restitution without the loss of business continuity and the ability to recover all of your data without paying a ransom. A proper strategy can enable recovery in minutes — not days or weeks. Most processes involve backup software, hardware, Backup as a Service (BaaS) or some combination of these elements. The ransomware recovery plan should balance a company's internal capabilities and risk tolerance.

Equally critical — everyone involved in the procedure must maintain and practice the plan. Write down each step and regularly review the process. Run a simulated hack to verify the strategy's effectiveness, and set a schedule to review and update it as circumstances and business needs evolve. Organizations that tested their plan saved $2.6 million compared to those that didn't.

Ending cybercrime requires a group effort. Each organization must assume responsibility for its own data protection. The more difficult it becomes to hack into an organization, the more cyberattacks fail — and the less incentive cybercriminals have to continue their assault. Prevention through proactive strategies across all industries offers the best defense to protect individual and company data. We all bear responsibility in this fight — we must answer the call to become data protectionists!

Simon Taylor is Founder and CEO of HYCU
Share this

Industry News

March 20, 2023

To meet the growing demand for Oracle Container Engine for Kubernetes (OKE) with global organizations, Oracle Cloud Infrastructure (OCI) is introducing new capabilities that can boost the reliability and efficiency of large-scale Kubernetes environments while simplifying operations and reducing costs.

March 20, 2023

Perforce Software joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program and listed its free Enhanced Studio Pack (ESP) in AWS Marketplace.

March 20, 2023

Aembit, an identity platform that lets DevOps and Security teams discover, manage, enforce, and audit access between federated workloads, announced its official launch alongside $16.6M in seed financing from cybersecurity specialist investors Ballistic Ventures and Ten Eleven Ventures.

March 16, 2023

Hyland released Alfresco Content Services 7.0 – a cloud-native content services platform, optimized for content model flexibility and performance at scale.

March 16, 2023

CAST AI has announced the closing of a $20M investment round.

March 15, 2023

Check Point® Software Technologies introduced Infinity Global Services, an all-encompassing security solution that will empower organizations of all sizes to fortify their systems, from cloud to network to endpoint.

March 15, 2023

OpsCruise's Kubernetes and Cloud Service observability platform is certified to run on the Red Hat OpenShift Kubernetes platform.

March 14, 2023

DataOps.live released an update to the DataOps.live platform, delivering productivity for data teams.

March 14, 2023

CoreStack and Zensar announced a strategic global partnership. CoreStack will provide its AI-powered NextGen cloud governance and FinOps capabilities, complementing Zensar’s composable cloud operations offering.

March 14, 2023

Delinea introduced the Delinea Platform, a cloud-native foundation for Delinea's PAM solutions that empowers end-to-end visibility, dynamic privilege controls, and adaptive security.

March 13, 2023

Sysdig announced a new foundation that will serve as the long-term custodian of the Wireshark open source project.

March 13, 2023

Talend announced the latest update to Talend Data Fabric, its end-to-end platform for data discovery, transformation, governance, and sharing.

March 13, 2023

Descope has raised $53M in seed funding and emerged from stealth to launch a frictionless, secure, and developer-friendly authentication and user management platform.

March 09, 2023

Loft Labs announced Loft v3 with new capabilities and flexibility for platform teams to build and enable their development teams with a self-service Kubernetes.

March 09, 2023

AWS Application Composer is now generally available.