We All Must Become Data Protectionists
November 15, 2022

Simon Taylor
HYCU

Data breaches cost US companies an average of $9.4 million — and by 2031, ransomware attacks will happen every two seconds. To address the scourge of cybercrime, we must all become data protectionists.

It's no longer strictly an enforcement issue, governmental concern or business data issue. Cybercriminals target vital organizations like healthcare, education and infrastructure, threatening our safety, and our lives. With each successful breach and ransom payment, hackers grow more emboldened and continue to wreak havoc. The honest effort to fight these global attacks needs to begin at the local level. With data as our most valuable and exploitable asset, all organizations must invest in protection, period. It's the foundation for backup and, ultimately, for recovery in the inevitable event of an attack where hackers hold data hostage.

To prepare effectively with today's IT solutions is challenging. Nearly two-thirds of business leaders lack full confidence in their legacy backup solutions — a sobering statistic. New companies, especially, face challenges instituting backup procedures. Established organizations typically have IT departments to manage cybersecurity, but many start-ups are cloud-native and lack the resources to hire dedicated IT staff. Contrary to popular belief, cloud services don't secure your data. Under the practiced cloud-sharing model, cloud services merely hold the data — it's up to you to protect it.

These three steps can protect your data regardless of your organization's size or age.

1. Be prepared to recover from breaches

Hackers are tenacious, making it crucial to create data protection processes. But you can't stop there. You must assess your preparedness by evaluating your data storage practices and recovery capabilities. In addition to a secure backup process, you must create and practice a step-by-step restoration strategy.

With that in mind — do everything you can to prevent a breach. Start with consistently updating software and hardware to patch known vulnerabilities. Maintain an inventory of devices connected to the network. Consider hiring a managed service provider to oversee data protection. Smaller or newer companies lacking the resources to do it themselves benefit especially from this service.

The other factor you can't neglect? People. More than 80% of data breaches involve a human element. To protect against these attacks, require multi-factor authentication for your data, limit access and password-sharing and train your employees to recognize common phishing, social engineering and other hacks and their associated risks.

We can't bury our heads in the sand. With ransomware as a service (RaaS) making hacking more accessible and the growing sophistication of attacks, no prevention strategy is fool-proof. That's where these next steps come in.

2. Back up data with the 3-2-1-1-0 rule

Backing up your data is a requirement. So what's the best way to do it? Observe the 3-2-1-1-0 rule. Back it up three times with two copies stored via different media or locations. Store at least one backup copy offsite or in the cloud and one totally offline. And you must ensure there are zero errors in your data by checking the backups daily to confirm they are storing the crucial data and immediately correcting any issues.

Just because you possess data copies doesn't guarantee you can restore damaged files. Backups are only as good as their recovery plans.

3. Prepare a ransomware recovery plan

When hackers demand — and companies pay — a ransom, there's no guarantee the hackers will release the data. Only 4% of companies that pay a ransom have all their information returned. Even if you do receive your data, the restoration process is tricky. It requires identifying and removing any compromised data and a thorough database inspection before using backups to restore and reset. Whether you pay a ransom or not, the recovery process is still complex and could cause excessive downtime and lost revenue. So how do you circumvent these challenges? Plan ahead.

It is important to note — a ransomware recovery plan is not the same as a disaster recovery plan. Unlike recovery from a natural disaster or human error, ransomware recovery is necessitated by a threat or criminal activity. The primary goal of a successful plan should focus on business restitution without the loss of business continuity and the ability to recover all of your data without paying a ransom. A proper strategy can enable recovery in minutes — not days or weeks. Most processes involve backup software, hardware, Backup as a Service (BaaS) or some combination of these elements. The ransomware recovery plan should balance a company's internal capabilities and risk tolerance.

Equally critical — everyone involved in the procedure must maintain and practice the plan. Write down each step and regularly review the process. Run a simulated hack to verify the strategy's effectiveness, and set a schedule to review and update it as circumstances and business needs evolve. Organizations that tested their plan saved $2.6 million compared to those that didn't.

Ending cybercrime requires a group effort. Each organization must assume responsibility for its own data protection. The more difficult it becomes to hack into an organization, the more cyberattacks fail — and the less incentive cybercriminals have to continue their assault. Prevention through proactive strategies across all industries offers the best defense to protect individual and company data. We all bear responsibility in this fight — we must answer the call to become data protectionists!

Simon Taylor is Founder and CEO of HYCU
Share this

Industry News

May 22, 2024

Mendix announced a partnership with Snowflake to enable the enterprise to activate and drive maximum value from their data through low-code application development.

May 22, 2024

LaunchDarkly set the stage for “shipping at the speed of now” with the unveiling of new features, empowering engineering teams to streamline releases and accelerate the pace of innovation.

May 22, 2024

Tigera launched new features for Calico Enterprise and Calico Cloud, extending the products' Runtime Threat Defense capabilities.

May 22, 2024

Cirata announced the latest version of Cirata Gerrit MultiSite®.

May 21, 2024

Puppet by Perforce announced a significant enhancement to the capabilities of its commercial offering with the addition of new security, compliance, and continuous integration/continuous delivery (CI/CD) capabilities.

May 21, 2024

Red Hat and Nutanix announced an expanded collaboration to use Red Hat Enterprise Linux as an element of Nutanix Cloud Platform.

May 21, 2024

Nutanix announced Nutanix Kubernetes® Platform (NKP) to simplify management of container-based modern applications using Kubernetes.

May 21, 2024

Octopus Deploy announced their GitHub Copilot Extension that increases efficiency and helps developers stay in the flow.

May 20, 2024

Pegasystems introduced Pega GenAI™ Coach, a generative AI-powered mentor for Pega solutions that proactively advises users to help them achieve optimal outcomes.

May 20, 2024

SmartBear introduces SmartBear HaloAI, trusted AI-driven technology deploying across its entire product portfolio.

May 16, 2024

Pegasystems announced the general availability of Pega Infinity ’24.1™.

May 16, 2024

Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.

May 16, 2024

GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.

May 16, 2024

Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.

May 15, 2024

Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.