Michel Nader, Sr. Regional Director – Data Protection Solutions – MERAT, Dell Technologies
In today’s always-on, always-connected economy, businesses are under pressure to enhance their cybersecurity strategy and prove to their customers that data protection is critical to their customer engagement strategy. Furthermore, as the world economy continues to digitise operations, supply chains, business transactions, and employee and customer services, cyberattacks are expected to continue to pose as one of the major threats to the world.
The World Economic Forum’s Global Risks Report 2020 ranks cyber-attacks as the second risk of greatest concern to businesses in the coming decade. As the tools of the Darknet become more sophisticated and accessible, cyber-attacks are increasingly borderless – taking advantage of jurisdictional constraints of regional authorities. In cyber-security, new threats and vulnerabilities appear at break-neck speed, so, as new technologies create opportunities to innovate, we’re seeing more large-scale data loss and the rise of ransomware attacks – so business resiliency planning is key to survival.
Why businesses must act
Reacting in real-time to a cyber-attack is already too late. Managing the risk requires agility, meticulous alignment across the business and testing to maintain awareness – it’s about being proactive rather than reactive. Cyber resilience is more important than ever as medium-sized businesses assess their risk of being attacked, whether at the hands of criminals or as collateral damage in cyber warfare.
Any data loss can put the nails in the coffin for unprepared businesses. While today’s business leaders may hope to evade the hit-list, it is a matter of ‘when not if’. According to the Dell Technologies- Institute for the Future (IFTF) ‘Realising 2030 Study’, 4,600 business leaders around the world ranked security and data privacy concerns as the most pressing barrier to successful digital transformation. 51% of them admitted that they have ineffective cyber-security measures in place while 59% believe their workforce aren’t sufficiently security savvy.
It is also interesting to note that in the Middle East specifically, the growing proliferation of IoT devices is creating massive security gaps that are enabling cyber criminals to double the number of data breaches and identity thefts every year. The reason being: as more organisations pursue digital transformation initiatives, they’re encountering new, complex risks that are expanding their attack surface. So, as IoT and AI enabled machines continue to be integrated into businesses, it is critical to ensure that these networked devices remain safe and secure.
Defending against catastrophic data loss
Protecting a huge portfolio of assets is not easy, especially as it expands. But every business must understand what its DNA is – that’s the critical 10-15 percent of data that must be protected at all costs. Defending a business from the worst-case scenario, mission-critical data loss, requires cyber security expertise and a holistic approach to resilience. Awareness needs to be built across the business – this is not just a tech problem. Synergy between technology and business processes is where true resiliency is attained. Leaning on cyber experts when it comes to planning and implementation will help businesses to identify key applications, recovery times and objectives.
Every arm of the business needs to understand where their most sensitive data and services sit and the level of risk around them. To understand the level of risk an agile approach is needed, because risk changes along with the business landscape. For this reason, regular scans and analysis of the internal landscape are essential to understand these changes and the impact.
For some, this can often lead to analysis paralysis – the desire to save it all. In the same way that we would only carry our most essential belongings from a burning home, businesses must decide upon their most prized data so that it can be protected and used to recover the business in the aftermath.
The good news is, this process can be simplified by data protection and cyber-security services that enable organisations to establish policy-driven automated workflows to move business critical data into an isolated environment and lock it down in less than five steps. This is called a cyber-vault, the ultimate protection for a business’ DNA. In the event of an attack, this data will help businesses to recover. When responding to cyber incidents and working to bring critical systems and data back online, accuracy and simplicity matter. A cyber recovery plan must be fully integrated within the business and align with its cloud strategy over the following five years.
The other way to be better prepared is to simplify the data landscape and make data available and protected from edge to core to multi-cloud, while protecting heterogeneous environments through superior risk reduction and advanced security solutions.
The speed of innovation has opened the world to new opportunities but has also become a Pandora’s box of risk. It’s important to remember that whatever threat trends proliferate, business leaders cannot overlook the role security and risk management play in their overall strategy. By not recognizing security as a potential business inhibitor, organisations open themselves to blind spots and vulnerabilities that can cause severe financial losses and reputation risks.
Looking ahead in 2020, all businesses need to be thinking like this and not assuming that simply having the right tools in place will automatically make the organisation immune to a targeted, complex attack. The right security posture will require an adequate amount of support from the C-Suite and an investment in people and processes that help make the tools more effective. The best way to succeed in the age of digital transformation is truly invest in cyber resilience in order to shore up the gaps in this ever-changing environment.