Advertisment

Cyber resiliency: Safeguarding data for business continuity

Organizations must readily embrace a robust cyber resiliency strategy, one that will ensure the delivery of intended outcomes

author-image
DQINDIA Online
New Update
data security

Data is the new crown jewel in today's data-driven world and is a critical asset for any organization's growth. The timely availability of this information directly impacts customer satisfaction and ultimately on business revenue and growth.

Advertisment

Hence in today's age of data-driven economy, data protection, which was erstwhile only an IT-team's objective, has now become a critical business requirement. We now live in a world where data breaches and destructive cyber-attacks have become a daily headline. It is no longer a question of "can" a company be hacked; it is "when a company can get attacked". That being the scenario, are enterprises leaving data protection only to the IT-team? If yes, it is only a matter of time when data is breached and you prepare yourself to answer your clients. Do you think you are prepared to face this new challenge?

 X-Force Threat Intelligence Index report – 2021

IBM Security X-Force observed attackers pivoting their attacks to businesses for which global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain.

Advertisment

According to the new report, cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organizations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains. In fact, manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on.

Ransomware top threat for 2021

With the exponential data growth and critical dependency on data availability, cybersecurity has hence become of prime importance to safeguard data from various cyber attacks such as malware and ransomware. Let us take an example of workloads and business applications in the Banking and Financial sector. These sectors thrive on data. From core banking and transactions, credit analysis, wealth management, fraud detection, financial risk assessment, quantitatively trading to Know Your Customer (KYC) management - all these workloads churn and process data, most of which are sensitive, critical, and compliance-driven. Such data attracts black hats and is highly susceptible to cyber attacks. Corruption of this kind of data impacts the banking business, the entire dependent chain, and may negatively disrupt the entire economy of a country.

Advertisment

Hence, it is essential for organizations to readily embrace a robust cyber resiliency strategy, one that will ensure the delivery of intended outcomes irrespective of cyber attacks or data breaches.

Secure your data from cyber attacks

There are defined guidelines and frameworks for the planning of cyber resiliency outlined by National Institution of Standards and Technology (NIST), where resiliency of 'business data' is a core factor of consideration. The deployment should ensure that the following conditions are met:

Advertisment
  • Business data availability within defined service level adherence despite cyber incidents.
  • Shield data from virus attacks, ransomware encryption, or deletion by a malicious user.

These expectations compel infrastructure systems like enterprise storage to be equipped with certain safety features. For instance, support for advance tamper-proof or immutable data copies, storing data copies in an air-gapped environment with controlled access, multi-site data availability, and data backup with defined recovery point objectives. Therefore, organizations must ensure that their data resides on storage systems designed for cyber resiliency.

Create protected point-in-time backup for critical data with integrated threat detection

Advertisment

Enterprise storage system that is featured with safeguarded copy functionalities is very suitable for such needs. A safeguarded copy is an ability for storage systems to frequently create protected point-in-time backups of their critical data, with minimum impact and effective resource utilization. The objective of safeguarded copy is the creation of special recovery copies of data. These data copies are secured to the core with stringent controlled access. And these copies can be recovered to the previous instance without disrupting the existing production environment. The safeguarded copy functionality is quite different from the normal backup of data using snapshot technology and is more attuned for cyber resiliency.

Now, let us evaluate a more advanced cyber resiliency solution. Here, the detection of potential threats is knitted with data protection. Today, business data resides on storage infrastructure, while a suite of security applications spanning across the data centre is responsible for detection, investigation, orchestration, and remediation from cyber events. More often than not, the security and storage deployments in data centres work independently and not in tandem. The irony is that they both have data as a common element that needs to be protected. This categorically beckons tighter integration between storage and security suite of applications, where storage is notified of a threat and data is proactively safeguarded. Simultaneously, telemetry from the storage warehouse is passed onto the security systems for enriching security analysis.

Planning for Cyber Resiliency

Today, deploying cyber resiliency is a requirement; it is essential to consider technologies that support air gapping and safeguarded copy functionalities. Further, implementing these solutions where security and storage systems are tightly coupled within the cyber resiliency framework takes it to the next level. They yield potentially more significant resilient deployments lowering the overall risk from cyber events.

By Sandeep R Patil – Senior Technical Staff Member, IBM Master Inventor

Advertisment