Powered by MOMENTUM MEDIA
Powered by MOMENTUM MEDIA

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Op-Ed: A new wave of cyber threats makes digital resilience a priority

Cyber attackers are evolving in complexity and sophistication at an unprecedented rate – catalysed by COVID-19. Increasingly, more destructive modes of attacks, such as island-hopping, have emerged over the past year. These have also led to high-profile breaches, especially over the past few months, with the threat of more on the horizon.

Cyber attackers are evolving in complexity and sophistication at an unprecedented rate – catalysed by COVID-19. Increasingly, more destructive modes of attacks, such as island-hopping, have emerged over the past year. These have also led to high-profile breaches, especially over the past few months, with the threat of more on the horizon.

ACSC reported 59,806 cyber crimes between July 2019 and June 2020, and the Australian Bureau of Statistics reported that one in three data breaches (35 per cent) in Australia are due to human error, steadily climbing since early 2020.

Advertisement
Advertisement

Major cyber attacks, including ransomware, have the potential to kneecap the operations of business. The stakes are high – with potentially sensitive data or essential operations at risk, companies need to be prepared for inevitable attacks.

As the threat landscape continues to evolve, resiliency will be central to businesses succeeding in the new normal. According to IDC, organisations focused on digital resiliency will be able to adapt to disruption 50 per cent faster than those that focus on restoring existing business and IT resiliency levels in 2022.

Managing the intangible

In our increasingly digital world, it is not an organisation's physical assets that catch the eye of cyber criminals. When cyber attackers take aim, the main target is usually data the lifeblood of business. Data and workloads are generated and moving from on-prem, to the cloud and back again across the company, creating a multi-generational data sprawl daily. Hence, it is essential that companies have a complete and updated overview of their data.

Commvault research, conducted by Tech Research Asia, surveyed 280 businesses in Australia and New Zealand and found that 60 per cent of companies in ANZ reported being targeted by a cyber security attack in the last 12 months, with production data the primary target. With only 20 per cent of companies that were subject to a cyber security attack in 2020 not losing any of their data, being able to get operations running again is critical.

Defining policies and standards on data management is critical to surviving an attack. Properly classify data based on how critical or sensitive it is enables companies to prepare recovery protocols that restore systems in order of operational impact to get people back online and operational as efficiently as possible.

Maximising resilience

Unfortunately, the exposure to a breach or an attack seems to be an eventuality for most organisations. In such a situation, maintaining system availability will be key to keeping up operational capabilities. Resilience must be an integral part of businesses data management. A backup and recovery plan for classified, essential and sensitive data is necessary for organisations to quickly mitigate a cyber attack. Such a plan is also important for regulatory and compliance requirements.

Taking a layered approach to securing data, such as immutable backups and air-gapping, also helps ward against malicious threats. To achieve this, businesses can explore backup-as-a-service (BaaS) options for backup, recovery, and data protection to preserve an airtight virtual copy of their data in the cloud. A cloud-based backup and recovery can help organisations manage compliance, scale when needed, and to manage increasing data costs. BaaS is perfect, as it can be moved from the traditional capex to opex immediately without infrastructure.

Furthermore, businesses will do well to maintain a state of recovery readiness and be regularly monitoring and evaluating their processes. Regular threat-hunting, vulnerability assessments, and penetration testing should be part of the cybersecurity roundup. Besides that, IT teams need to ensure redundancy in all essential, high availability IT systems.

Lastly, organisations must have a plan ready for when disaster strikes. When data is compromised, such as through ransomware, disaster recovery is essential to reducing breach impact and resuming normal business operations.

David Rajkovic is the Commvault area vice president of Australia and New Zealand.

Op-Ed: A new wave of cyber threats makes digital resilience a priority
computer-monitors.jpg
lawyersweekly logo

more from cyber security connect

Jul 28 2021
RMIT unveils plans to launch supercomputing facility, first Australian university to reach milestone
Melbourne’s RMIT has unveiled a plan to be Australia’s first university to launch a cloud superc...
NDAA bolsters cyber security spending
Jul 28 2021
NDAA bolsters cyber security spending
The United States’ Senate Armed Services Committee has approved the National Defense Authorisation...
Jul 28 2021
Rethinking cyber security strategies to secure Australia’s remote workforce
Rick McElroy, the principal cyber security strategist at VMware, offers insights into how organisati...