By Mr. Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC
Cybersecurity Ventures predicts that global data storage will exceed 200 zettabytes by 2025. To put that in perspective: if each terabyte in a zettabyte were a kilometer, 200 zettabytes would be equivalent to approximately 260,000 round trips to the moon. This data will be stored on private and public IT infrastructures, utility infrastructures, private and public cloud data centers, personal computing devices such as PCs, laptops, tablets, and smartphones, and IoT (Internet of Things) devices.
Protecting this data is crucial for any enterprise. Even the strongest firewalls don’t guarantee complete protection for enterprise data, the actual wealth of any organization. A firewall as the front line of defense is part of the drill, but there must also be a foolproof data protection plan as the last line.
In 2021, enterprises will see the next phase of changes in data protection trends as they are experiencing tech-tonic shifts brought about by digital transformation in 2020.
Remote Workforce Security and Data Protection
Gartner lists “securing your remote workforce” as the topmost security project for 2020-2021. In the first quarter of 2020 when enterprises were forced to migrate their entire workforce to remote work almost overnight, IT became busy creating safe and efficient remote access to the enterprises’ files and applications. The focus was security from a network and data perspective. Due to the critical nature of data which was now cloud-based and distributed, enterprises had to rely on hasty and last-minute security infrastructures which opened doors to cloud-based attacks.
Cybercriminals took full advantage of this disruption in workforce norms and increased phishing and ransomware attacks on remote workers. Today, Remote Desktop Protocol (RDP) is considered the number one attack vector for ransomware, and even Virtual Private Network (VPN) appliances are not able to save the situation entirely. What enterprises need is data recovery resilience in the face of increasing cyberattacks and IT disasters.
With more data getting stored in the cloud, companies will need to develop more robust plans that aggregate and protect distributed data in line with new vulnerabilities in 2021. At the same time, the IT teams must track and secure non-compliant and compromised devices as they are still being used in remote settings.
Customer Data Protection Initiatives
Ignoring data protection and privacy norms is a blunder for any business, especially when it comes to customer data. Research shows that almost 60 percent of consumers will stop doing business with an organization that has experienced a cyberattack in the past year. The data also indicates that one in four consumers will jump ship to a competitor’s product or service after a single ransomware-related service disruption.
That’s a steep price to pay for letting customers down, and it’s not a surprise that so many enterprises are taking steps to ensure they provide the highest level of data protection for their users. 2021 should see enterprises prioritizing user data protection in both new and existing initiatives. They are likely to make use of technology to detect and resolve internal and external threats to data security.
At a broader level, the Indian government is in the process of finalizing its Personal Data Protection Bill. The Bill is expected to establish a Data Protection Authority to protect personal data of individuals and create a framework for processing such personal data.
Enforcement of Data Protection Regulations and Compliance
Data regulations are important. They ensure enterprises follow the same set of standards when protecting, sharing, collecting or storing sensitive data. Around 66 percent of countries in the world have passed their own national data protection laws, such as the European Union’s General Data Protection Regulation (GDPR) and Singapore’s Personal Data Protection Act (PDPA). India is in the final approval stage of its data protection bill, which is expected to be presented to the parliament this year.
While countries are taking precautions and creating guidelines to build a safe data economy for their businesses and people, it’s unfortunate that enterprises don’t take it as seriously as they should. Companies globally often don’t play by the rules, and the annual cost of noncompliance to businesses runs at a staggering average of $14.8 million, according to a Ponemon Institute report.
Interestingly, the cost of compliance to an enterprise is often much lower than that of non-compliance. As we move into 2021 and remote work and cloud adoption continue, it is hoped that enterprises will step up their enforcement of regulations and data privacy laws.
Data Protection from New Ransomware Techniques
Ransomware techniques will become more sophisticated and innovative. For instance, there will be ransomware “families” that will refine their tactics, techniques and procedures to become more evasive and finesse their sophistication, targeting multimillion-dollar businesses. Then there will be an increase in the number of entry-level, apprentice-type ransomware attackers offering ransomware-for-rent, or ransomware-as-a-service, allowing targeting of high volumes of smaller prey. “Secondary extortion” will increase, where attackers steal and threaten to publish sensitive or confidential information if their demands are not met.
This brings us back to data protection. Ransomware and other cyberattacks will not stop. An enterprise can deal with all kinds of ransomware attacks provided it has invested in data protection and recovery. According to the recently released Sophos 2021 Threat Report, organizations are hard-pressed to predict the evolution of cyber threats because ransomware gangs are constantly devising new tactics to hold critical data hostage and solicit ransom payments. Enterprises, therefore, must take a proactive approach through an integrated first and last line of defense that offers ransomware prevention, detection and removal, and automated data restore to on-site and cloud targets.
Integrating cybersecurity and data protection as a coordinated deployment is critical for an enterprise. Arcserve’s new X Series Appliances integrate both and are designed to create a robust system scalable for enterprise data centers. These appliances uniquely combine deep learning endpoint protection and on- and off-site disaster recovery with over 3 petabytes of effective capacity in one unit, and linear expansion to increase capacity as needed.
No matter what data protection and data recovery strategy an enterprise uses, what’s important is that there is one. Cybersecurity and data protection go hand in hand. Both are equally necessary, and neither should take a back seat to the other. A cybersecurity attack will leave unrecoverable wreckage in its wake if the organization is not resilient enough to recover its data. 3-2-1 is a good rule to follow: Keep three copies of your backup on two types of media and one copy offsite. The rest will automatically fall into place.