Towards Cyber Resilience: A Data-Centric Approach to Security: Puneet Gupta, Vice President & Managing Director, NetApp India/SAARC

0
144
Towards Cyber Resilience: A Data-Centric Approach to Security: Puneet Gupta, Vice President & Managing Director, NetApp India/SAARC
Towards Cyber Resilience: A Data-Centric Approach to Security: Puneet Gupta, Vice President & Managing Director, NetApp India/SAARC

Cyber resilience is an integrated approach that brings together the long-siloed functions of data protection and data security.

In an era dominated by digital interconnectivity and an ever-expanding cyber landscape, safeguarding sensitive information has become a paramount concern for enterprises and individuals alike. As cyber threats continue to evolve in complexity and sophistication, the conventional perimeter-based security approach has proven to be insufficient. The need for a more adaptive and resilient defence strategy has called for a data-centric approach to cybersecurity. A report by a US-based cybersecurity firm revealed that India suffered the second-highest number of data breaches globally in 2022, with 450 million records exposed. Another study highlighted that 73% of surveyed organisations in the country were affected by ransomware attacks. These findings underscore the critical need for companies to take proactive measures to safeguard their invaluable data and facilitate its swift recovery in the event of a cyberattack.

The security of an organisation’s digital assets requires multiple layers of protection at the point of storage and the ability to respond immediately to breach attempts. Amidst a sea of known and unknown threats, including ransomware, rogue administrators, and a variety of malicious actors, enterprises need to evolve security strategies that encompass on-premise, hybrid, and multi-cloud storage environments.

The Confluence of Data Protection and Data Security

Cyber resilience is an integrated approach that brings together the long-siloed functions of data protection and data security. When the solutions and workflows associated with both functions are well integrated, the respective teams are better equipped to contribute to a more robust data management paradigm within the business—one that guarantees powerful safeguards against malicious actors.

It is essential for companies to view data protection not merely as an ‘add-on’ to their digital infrastructures but rather as a foundational element that secures business continuity. Unplanned downtime due to data outages places significant financial burdens on enterprises (estimated to cost nearly $6000 per minute). An effective, low-cost data recovery and backup solution empowers an organisation to restore data and applications within minutes in the event of an attack. This is particularly crucial in the context of the ubiquitous threat from ransomware, enabling companies to swiftly recover without being compelled to pay a ransom.

Data protection needs to be complemented by intelligent threat detection to proactively identify anomalies across the organisation, including those pertaining to storage and user behaviour, which in turn offer real-time protection. A comprehensive data security solution serves to raise the ‘alarm’ in the event of an attack and ensures real-time response.

Building cyber resilience:

A 5-Step Strategy

Paving the path to cyber resilience begins with the understanding that data protection and security need to be built into the bedrock of the company’s infrastructure, as opposed to being ‘bolted on’ as an afterthought. Enterprises can achieve cyber resilience by focusing on five crucial steps.

Assessment: Take stock of the environment in terms of assessing the current data protection and security measures, determining the various types of data under storage, and evaluating protocols for accessing data.

Action: Put proactive measures in place, including data encryption, regular backups, the implementation of rigorous infrastructure management and access controls, bolstering perimeter defences, updating vulnerable systems and applications, and educating the workforce in cybersecurity best practices.

Caution: Take measures to stay ahead of the curve and proactively identify suspicious activity before it snowballs into a significant threat. This includes detecting anomalies in system behaviour as well as monitoring suspicious user activity.

Recovery: Putting together a disaster recovery and business continuity plan to tackle crisis situations is the next step. This plan should be tested frequently and updated in line with the evolving threat landscape. Internal and external stakeholders should be well aware of the plan and any changes to ensure a cohesive response during an incident.

Restoration: The final step is to facilitate a return to normalcy at the earliest possible time by rapidly restoring data to accelerate operational recovery and leveraging intelligent forensics to identify the origins of a threat to be better prepared in the future.

Safeguarding our digital future

If data is the new oil fueling our societies and economies today, then its protection is indisputably a critical priority for any digitally-driven enterprise. Cyber resilience goes beyond perimeter protection to take a more holistic approach to safeguarding data and systems. It enables enterprises to stand firm in the face of adversity and continue developing innovative products and services that will shape our collective digital future with resilience.

Also readIT cybersecurity aims to ensure that stakeholders can access and process data when necessary, says Srikanth Subbu CISO at Tata Electronics

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.