Is your cyber resilience strategy fit for purpose?

By Gareth Beanland, Country Manager, UK&I at Infinidat and a specialist in enterprise storage.

Gareth Beanland, Country Manager, UK&I at Infinidat and a specialist in enterprise storage.

There’s a good reason why the UK government is urging companies to bolster their online defences. Somewhere in the world, a different organisation succumbs to a form of cyber threat every couple of seconds. It’s all part of living and working in a VUCA (volatile, uncertain, challenging and ambiguous) environment, and strangely, this backdrop just seems to be intensifying all the time.

Threats of a cyberattack are becoming ever more commonplace and concerning. We saw this during the Covid-19 crisis. In 2020, 36% of organisations faced a ransomware attack, compared to just 27% in the previous quarter before the pandemic started. Now international conflict, economic sanctions, and continuing supply chain pressures are further intensifying these already very high risks. So much so, that the National Cyber Security Centre (NCSC) is warning that companies should be properly prepared.

Are you? And most importantly, have you considered the cyber risks of your enterprise storage infrastructure? There’s always a great emphasis on firewalls and securing the obvious networks and communications infrastructure, but storage is mission critical too. It is where your data – the lifeblood of your organisation – resides. All companies should be able to quickly restore data from their primary and secondary storage resources as part of an effective cyber resilience strategy. This article explains why it’s important and the practicalities to consider.

According to business insurers Hiscox, the biggest cyber threat of all to companies comes from ransomware. This criminal enterprise is costing businesses over £58 billion per year globally, with average demands from hackers commonly reaching 6 figures. It’s not just the obvious banks and telcos being targeted. Consider the public sector cyberattack and subsequent security breach discovered in December 2021 as a good example. The cost of repairing damage caused during this attack – the second in two years – is already estimated at £630,000 and the figure is still rising.

There are many lessons to be learned from well publicised cyberattacks about the threat of ransomware to an organisation’s data – especially where that data is stored in a private cloud. Most CIOs should already be doing a pretty good job of securing primary storage resources – this is the data in constant use. They may be less proactive about securing their secondary storage – backup data and archived records.

Ultimately, secondary storage is as important as primary and in fact, some experts would argue it is even more mission critical. To effectively execute profitable cyberattacks, such as the use of ransomware, cyber criminals know they need to control not just essential business data sitting on our primary storage, but also the valuable data sitting in your secondary storage and backup repositories. Here’s why. If a hacker penetrates your primary data with ransomware, or gains unauthorised access and issues a financial threat, there’s less impetus to meet their demands if you can recover from one of your backup datasets. But if data in secondary storage is infected with some form of ransomware or malware too, you’re at their mercy.

Alarmingly, when it comes to protection against cyberattacks, companies very often don’t even know that a criminal has infiltrated their firewalls – either within the data centre, networks or storage and servers. As a result, data breaches may not be detected for months – the average timescale from initial incursion to an attack’s resolution is now 287 days. That’s over 9 months.

If malware is lurking for longer than the average pregnancy, companies really need to get better protected. The problem is knowing how. IT teams often don’t really understand how hard it is to detect ransomware and malware. It’s as if a highly sophisticated, deep cover “spy” is present, either planting the seeds to inflict damage or quietly stealing the organisation blind.

To address this critical issue, companies need to ensure all their storage systems can provide the right levels of enterprise cyber resilience protection. This should include the following: immutable snapshots to prevent data tampering, logical local and remote air gapping to restrict access, very importantly fenced or isolated networks in the same platform, and rapid data recovery. By having these 4 critical elements in your cyber resilient storage, you can ensure the ability to minimize any cyberattack and be up and running quickly and safely, should a malware or ransomware strike your enterprise.

More CIOs and end-users need to understand how storage fits into their over-arching cybersecurity. Yes, it’s important to protect networks, servers, and the edge, but enterprise customers must protect their enterprise storage environment as well. If more companies do not take cyber resilience seriously in 2022 and beyond, the price they will pay for cyberattacks will become even more crippling.

Author Bio:

Gareth Beanland, Country Manager, UK&I at Infinidat and a specialist in enterprise storage.

Infinidat offers a range of enterprise storage solutions and is devoted to helping its clients compete more effectively in the petabyte era. Learn more: Why Infinidat?