Over the past year, the world has seen cyber-attacks increase at a concerning rate. So much so that the cost of cybercrime is estimated to reach $8 trillion in 2023. It is unsurprising that we are seeing a huge rise in new cyber technologies, techniques, and legislation as businesses and governments alike seek to fortify their institutions. Here are some of our top tips to keep ahead of the game and ensure that your business resilience is tip top:
Discover your data
According to a recent survey, 57% of Chief Information Security Officers (CISOs) do not know where some or all of their data is or how it is protected. This is hugely concerning, especially as the amount of data generated each day continues to grow and more and more regulations are being enforced. The question then becomes, how can you protect your data and remain compliant with legislation if you do not even know where it is?
Data discovery helps prevent loss or exposure of sensitive data and enables organisations to implement appropriate security measures. As a result, we can expect – and hope – to see CISOs and their teams focus on discovering their data so that it can be protected in the right way. Only once you have full visibility of your data can you be confident that you can keep downtime to a minimum should the worst happen.
Back it up and test, test, test
Backups should be taking place very regularly within organisations. At a minimum, this should be once a week but for the best protection, data should be backed up every 24 hours. In our modern world where data is generated at incredible speeds and technology is always changing, a business’ data can look very different from one week to the next. A backup that is over a week old may not bear much resemblance to the state of a business at the time of attack.
Whilst most backups nowadays are automatic and take place without you even noticing, it is crucial not to forget about them altogether. Backups should therefore be tested regularly. The recommendation is at least annually, but others will advocate for monthly tests. Unless you run such trials, you do not know whether your essential data is being fully and accurately preserved. Regular testing ensures that you can be confident that your backup is sufficient, and that downtime can be kept to a minimum.
In addition, it trains your employees to know exactly what to do should an attack occur. A fire drill for your data, backup tests ensure that no major damage will be done should a cyber-attack strike.
Ride the wave of new regulatory requirements
It does not feel like too long ago that we were all rushing to comply with the Protection of Personal Information Act (POPIA) and General Data Protection Regulation (GDPR). Now, just when individuals and businesses have wrapped their heads around the latest data regulations and requirements, a new wave of legislation is heading our way as regulatory bodies aim to stay ahead of the curve and mandate strong protection of data and other assets.
The Digital Operational Resilience Act (DORA) was adopted by the European Union (EU) at the end of 2022 to coordinate the financial sector’s approach to cybersecurity. With the increasing threat of cyber-attacks taking down some of the most high-profile organisations and even entire cities, DORA favours on-premises backup instead of connection-reliant cloud backup options.
Although mandatory compliance is still a couple of years away, businesses will start preparing for compliance throughout 2023. This will include reviewing legacy IT systems to ensure they meet regulations as well as potentially investing in new software. Although DORA is EU legislation, any business connected to the EU market will have to comply with its regulations. This means that most South African businesses operating in the United Kingdom market will also have to take the necessary steps to comply.
Open your eyes to new opportunities
The technology world is always changing, and new opportunities are being created. Especially when cyber-attacks are happening more frequently than ever before and cybercriminals are growing in sophistication, there is no shortage of new, innovative data protection techniques coming to the market.
One of these is the emerging technology of cyber deception. Designed to put the business in the driving seat and take control back from the attackers, the methodology involves deploying decoys to lure the attacker to fake assets and away from the real ones. Not only does this reduce the threat event frequency, as the attacker is much more likely to touch one of the hundreds of fake assets rather than the real one, it also provides an early warning system, by alerting the business as soon as a fake asset is touched. This allows security teams to get to work in isolating the asset and restricting the attacker from reaching the real systems far quicker than any reactive security solution.
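The early-warning idea can be shown with a few lines of detection logic: because no legitimate user or job has a reason to touch a decoy, any access to one is an alert. This is an added example, not from the original article or any deception product; the decoy names, the key=value log format and the function names are hypothetical, the log lines are constructed, and the probability helper assumes the attacker picks an asset uniformly at random.

```python
import re

# Constructed inventory: names of decoy assets that no legitimate user or job needs.
DECOYS = {"fin-db-07", "hr-share-archive", "svc-admin-test"}

# Constructed access-log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2023-03-01T02:13:55Z src=10.0.5.23 user=jsmith action=read asset=fin-db-01
2023-03-01T02:14:07Z src=10.0.9.40 user=svc-web action=list asset=hr-share-archive
2023-03-01T02:14:09Z src=10.0.9.40 user=svc-web action=read asset=fin-db-07
2023-03-01T02:15:30Z src=10.0.5.23 user=jsmith action=write asset=fin-db-01
malformed line without fields
"""

LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
                  r"action=(?P<action>\S+) asset=(?P<asset>\S+)$")


def decoy_alerts(log_text, decoys=DECOYS):
    """Return one alert per decoy touch; any touch is suspicious by construction."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m["asset"] in decoys:
            alerts.append(m.groupdict())
    return alerts


def sources_to_isolate(alerts):
    """Map each source to the time of its first decoy touch (the early warning)."""
    first = {}
    for a in alerts:
        first.setdefault(a["src"], a["ts"])
    return first


def p_decoy_first(real_assets, decoy_assets):
    """Chance the first asset touched is a decoy, assuming a uniformly random pick."""
    return decoy_assets / (real_assets + decoy_assets)


if __name__ == "__main__":
    alerts = decoy_alerts(SAMPLE_LOG)
    print(sources_to_isolate(alerts))
    print(f"{p_decoy_first(1, 199):.3f}")
```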
2023 and beyond
Although the current climate may look dire and reports of more cyber-attacks are in the news daily, all is not lost. Taking a proactive approach to your cybersecurity whilst keeping on top of your data and cybersecurity measures will stand you in good stead to face whatever is thrown at your organisation. And, finally, do not be afraid to branch out. You may wish to proceed with caution when introduced to the newest cybersecurity methods, but they could be just what you need to stay one step ahead of cybercriminals.
By Kate Mollett, Regional Director at Commvault Africa