By Saravanan Krishnan, General Manager, Data Protection Solutions, South Asia, Dell Technologies
A ransomware attack is predicted to occur every 11 seconds. Cyber threats do not cause mere thousands of dollars of loss anymore. In Asia Pacific & Japan (APJ) alone, the cost of data loss averaged over USD640,000 in the last 12 months and is approaching four times higher for organisations using multiple data protection vendors as compared to those using a single vendor. According to the latest Trend Micro and the Ponemon Institute 1H’2021 Cyber Risk Index, the top five cyber threats include ransomware, watering hole attacks, advanced persistent threats, malicious insiders, and file-less attack. Asia Pacific (APAC) saw the second highest increase in cyber risk after North America. From discussions with our key channel partners in APJ that have already driven cyber resilience initiatives successfully, I would crystallise an approach centred around helping organisations identify and address four broad priorities that enable cyber protection and recovery.
Priority 1: Prepare as the threat is closer than you think
There is a common misconception that only certain sized businesses or industries are attacked, but the reality is that nobody is immune. Bad actors target businesses of all sizes, and across all industries. And new types of threat are emerging every day – and they often go undetected. Employees are often the weakest link today, just as they were before the pandemic saw a shift to remote work. There is also a related increased potential for insider threats – for example from disgruntled employees who now have remote access to company servers.
Priority 2: Protect your data to elevate your digital transformation and intelligence needs
With our channel partners, we have seen companies make rapid technology changes during the pandemic without fully considering the security implications. According to IDC, security solutions and services spending in APAC is forecast to reach US$39 billion in 2025, growing at a 5 year CAGR (2020 – 2025) of 14.1%. Rising digital transformation investments, coupled with the adoption of digital technologies such as 5G, cloud, intelligent automation, Edge and digital workforce solutions, introduce significant new risks. These include an expanding attack surface and exposure to threat vectors. Aside from this, in the long-term, we are seeing R&D cycles shorten, driven by customer expectations for more frequent product updates, meaning less time to test for vulnerabilities. And we are also seeing the emergence of companies who rely on their digital platform and data as their very identity. The stakes for them could not be higher.
Priority 3: Align fragmented systems, train and scale with focus
According to McKinsey, 87% of executives around the world are also facing digital skills gaps in their workforce, or expect them within a few years. With our channel partners, we believe a new approach is required, and the future cannot be multiple vendors for digital risk management, endpoint security, security operations and incident response, risk and compliance, threat intelligence, identity and access management and network and infrastructure security. There are over thousands of security companies today competing for attention. That old approach is not scalable and untenable.
Our overall vision is for a trusted infrastructure – network, server and storage on any cloud, any application and any device. At that level, we need to protect critical data or apps and enable organisations to recover those assets with integrity so they can resume normal business operations with confidence. Most importantly, there is a need to secure supply chains from physical to cyber and think about the overall supplier risk management. In addition, it is critical to partner with industry as a learning and development collective. For example, Dell Technologies was recently appointed Advocate Under the SG Cyber Safe Partnership Program administrated by the Cyber Security Agency of Singapore. The objective of the programme is to reinforce the message that cybersecurity is a collective responsibility; it is not just the government’s responsibility, but also that of businesses, individuals and the community.
To partner with the channel to drive customer outcomes, it is critical to focus on driving confidence in recovering from a cyberattack through key technologies and processes. The best options are to consider air gapping and immutability to be certain that data is offline and inaccessible to bad actors. Customers should also consider full content indexing with artificial intelligence (AI) and machine learning (ML). This ensures protected data is analysed on a full-content basis, not just metadata and evaluated by an AI/ML engine.
Priority 4: Reimagine Cyber Recovery as a solution
Cyber resilience is the strategy that incorporates people, process and technology into a holistic framework that protects an entire business, organisation or entity. Cyber Recovery is a component of an overall cyber resilience strategy. Cyber Recovery should be focused upon protecting critical data from cyber threats and keeping it away from the attack surface – and then enabling the recovery of that data from an isolated environment when and if necessary.
A good case study in point is our recent work with a global financial services organisation to protect their trading platform and critical data. They had a heterogenous vendor environment and their outage risks was $10M/day. With our PowerProtect Cyber Recovery, we were able to deploy recovery runbooks for all storage and back up environments with an automated and orchestrated process to minimise operational impact. This met the Board’s mandate for efficient and reliable recovery from cyber destruction.
With all these priorities in mind, it is mission critical for the channel to arm themselves with the solutions and skillsets needed to guide organisations towards adopting cyber resilience. We believe the foundation should be built on four key pillars. The first is to innovate to modernise how an organisation designs and builds its digital experiences. Assessment would be the second pillar to ensure an in-depth digital risk maturity audit. With our channel partners, learning with best practices first hand would be the third pillar. Finally, to define your AS-IS and TO-BE states and create the roadmap to an organisation’s security transformation.
To find out more about the Dell Technologies Cyber Recovery Solutions, visit our website.