We All Must Become Data Protectionists
November 15, 2022

Simon Taylor
HYCU

Data breaches cost US companies an average of $9.4 million — and by 2031, ransomware attacks will happen every two seconds. To address the scourge of cybercrime, we must all become data protectionists.

It's no longer strictly an enforcement issue, governmental concern or business data issue. Cybercriminals target vital organizations like healthcare, education and infrastructure, threatening our safety, and our lives. With each successful breach and ransom payment, hackers grow more emboldened and continue to wreak havoc. The honest effort to fight these global attacks needs to begin at the local level. With data as our most valuable and exploitable asset, all organizations must invest in protection, period. It's the foundation for backup and, ultimately, for recovery in the inevitable event of an attack where hackers hold data hostage.

To prepare effectively with today's IT solutions is challenging. Nearly two-thirds of business leaders lack full confidence in their legacy backup solutions — a sobering statistic. New companies, especially, face challenges instituting backup procedures. Established organizations typically have IT departments to manage cybersecurity, but many start-ups are cloud-native and lack the resources to hire dedicated IT staff. Contrary to popular belief, cloud services don't secure your data. Under the practiced cloud-sharing model, cloud services merely hold the data — it's up to you to protect it.

These three steps can protect your data regardless of your organization's size or age.

1. Be prepared to recover from breaches

Hackers are tenacious, making it crucial to create data protection processes. But you can't stop there. You must assess your preparedness by evaluating your data storage practices and recovery capabilities. In addition to a secure backup process, you must create and practice a step-by-step restoration strategy.

With that in mind — do everything you can to prevent a breach. Start with consistently updating software and hardware to patch known vulnerabilities. Maintain an inventory of devices connected to the network. Consider hiring a managed service provider to oversee data protection. Smaller or newer companies lacking the resources to do it themselves benefit especially from this service.

The other factor you can't neglect? People. More than 80% of data breaches involve a human element. To protect against these attacks, require multi-factor authentication for your data, limit access and password-sharing and train your employees to recognize common phishing, social engineering and other hacks and their associated risks.

We can't bury our heads in the sand. With ransomware as a service (RaaS) making hacking more accessible and the growing sophistication of attacks, no prevention strategy is fool-proof. That's where these next steps come in.

2. Back up data with the 3-2-1-1-0 rule

Backing up your data is a requirement. So what's the best way to do it? Observe the 3-2-1-1-0 rule. Back it up three times with two copies stored via different media or locations. Store at least one backup copy offsite or in the cloud and one totally offline. And you must ensure there are zero errors in your data by checking the backups daily to confirm they are storing the crucial data and immediately correcting any issues.

Just because you possess data copies doesn't guarantee you can restore damaged files. Backups are only as good as their recovery plans.

3. Prepare a ransomware recovery plan

When hackers demand — and companies pay — a ransom, there's no guarantee the hackers will release the data. Only 4% of companies that pay a ransom have all their information returned. Even if you do receive your data, the restoration process is tricky. It requires identifying and removing any compromised data and a thorough database inspection before using backups to restore and reset. Whether you pay a ransom or not, the recovery process is still complex and could cause excessive downtime and lost revenue. So how do you circumvent these challenges? Plan ahead.

It is important to note — a ransomware recovery plan is not the same as a disaster recovery plan. Unlike recovery from a natural disaster or human error, ransomware recovery is necessitated by a threat or criminal activity. The primary goal of a successful plan should focus on business restitution without the loss of business continuity and the ability to recover all of your data without paying a ransom. A proper strategy can enable recovery in minutes — not days or weeks. Most processes involve backup software, hardware, Backup as a Service (BaaS) or some combination of these elements. The ransomware recovery plan should balance a company's internal capabilities and risk tolerance.

Equally critical — everyone involved in the procedure must maintain and practice the plan. Write down each step and regularly review the process. Run a simulated hack to verify the strategy's effectiveness, and set a schedule to review and update it as circumstances and business needs evolve. Organizations that tested their plan saved $2.6 million compared to those that didn't.

Ending cybercrime requires a group effort. Each organization must assume responsibility for its own data protection. The more difficult it becomes to hack into an organization, the more cyberattacks fail — and the less incentive cybercriminals have to continue their assault. Prevention through proactive strategies across all industries offers the best defense to protect individual and company data. We all bear responsibility in this fight — we must answer the call to become data protectionists!

Simon Taylor is Founder and CEO of HYCU
Share this

Industry News

November 22, 2022

Red Hat introduced Red Hat Enterprise Linux 9.1and Red Hat Enterprise Linux 8.7.

November 22, 2022

Armory announced its new cloud-based solution called Continuous Deployment-as-a-Service, now available on the AWS Marketplace.

November 22, 2022

Rapid has has formally rebranded Paw to RapidAPI for Mac.

November 21, 2022

Red Hat announced the general availability of Migration Toolkit for Applications 6, based on the open source project Konveyor, aimed at helping customers accelerate large-scale application modernization efforts.

November 21, 2022

Palo Alto Networks signed a definitive agreement to acquire Cider Security (Cider).

November 17, 2022

OutSystems announced its new cloud-native development solution OutSystems Developer Cloud (ODC).

November 17, 2022

Retool announced Retool Workflows, a fast, extensible way for developers to build cron jobs, scheduled notifications, ETL tasks, and everything in between.

November 15, 2022

OutSystems announced the new OutSystems AI Mentor System.

November 15, 2022

Redpanda launched the general availability of its Redpanda Cloud managed service.

November 15, 2022

Edge Delta announced the launch of a free version, Edge Delta Free Edition, providing an intelligent and highly automated monitoring and troubleshooting experience for applications and services running in Kubernetes.

November 14, 2022

Codenotary announced TrueSBOM, a patent-pending, self-updating Software Bill of Materials (SBOM) for every application that is made possible by simply adding one line to the application source code.

November 14, 2022

Azion announced the release of the Azion Build product suite.

November 09, 2022

Puppet by Perforce announced the latest Long-Term Support (LTS) release of Puppet Enterprise.

November 09, 2022

Couchbase announced new enhancements to its database-as-a-service (DBaaS) Couchbase Capella.

November 09, 2022

Macrometa Corporation announced a new strategic equity investment, go-to-market partnership, and powerful product integrations with Akamai Technologies.