By Jason Gerrard
Safeguarding digital information and maintaining operational resilience within an organization relies heavily on data security and data protection strategies dovetailing effectively in an increasingly volatile threat landscape. While these are closely related disciplines, data protection more commonly addresses issues relating to data storage, its management and access, whereas measures to prevent cyber attacks form part of the security remit.
However, to combat new and evolving cyber threats, these two functions have had to join forces, making them increasingly indistinguishable. Many would agree that this cross-pollination is a positive step forward, creating valuable synergies and efficiencies, and eliminating any grey areas of responsibility, especially when taking into consideration how bad actors are targeting a wider range of digital assets, including backup files and archives, in addition to live data and applications.
Ransomware is a prime example of how the goal of an attack is changing. Only a few years ago its aim was to infiltrate an organization’s IT environment, replicate and distribute itself as widely as possible across the network, and then execute. The execution process was focused on encrypting live data to prevent access to files with the intention of disrupting or completely disabling business operations, leaving many organizations at the mercy of the criminals.
The next stage was to issue the ransom terms for supplying decryption keys, with payment demanded in an untraceable cryptocurrency, such as Bitcoin. Organizations with the forethought to have a comprehensive backup solution in place could relatively easily restore most of their data and work through the aftermath of such a breach, dealing with compliance obligations and minimising damage to their brand reputation.
More recently, bad actors have upped their game: as well as encrypting network data, they are setting out to permeate backups with malware, making data recovery much harder, if not impossible.
As many backups are not sufficiently defended and can be accessed via network links, attackers have recognised that these huge data stores could bring them greater dividends. Although there are technologies available offering protection, such as immutable storage to ensure files cannot be overwritten or deleted, and air-gapping, which physically isolates critical backups, adoption of such solutions is not currently widespread.
Once backups are compromised and recovery isn’t an option, the perpetrators can exfiltrate data onto the dark web, where they threaten to publish it if their demands are not met. Potential ramifications for an organization can be severe and long term. Risks include significant reputational harm, competitors seeing confidential customer information and intellectual property, as well as compliance fines for data privacy breaches and legal action costs.
A balancing act
These emerging practices, which jump across real-time and stored data, are blurring the lines between what might once have been considered a problem for either security or data protection. Now, these issues are more often deemed shared responsibilities falling within an all-inclusive plan. Having a cohesive, well-thought-out, and tested data protection strategy, with security at the heart of it, is essential to meet these more complex demands.
Equally important is balancing prevention with recovery. Preventing intrusion is the first line of defence, but it doesn’t guarantee that a breach will never happen. Having comprehensive backup and recovery is the safety net, so even if a breach occurs, data can be fully restored swiftly. Without this balance, an attack can bring down operations for hours or even days, erode customer trust, and lead to irreversible damage. The right combination of security measures assures resilience and minimises downtime. It could be the difference between survival and failure in the cyber battleground.
Organizations with multiple data protection and separate security solutions will find it more difficult to put together a cohesive plan if legacy solutions cannot interface with each other or integrate with internal systems. Businesses should evaluate the efficiency gains from consolidation and consider implementing solutions that can bring together key data protection and security tools in a single platform.
Vendors must step up too
Data protection and security vendors must step up too and prioritise the integration of their technologies with each other to provide comprehensive, seamless security solutions. Before selecting products, organizations should review offerings from best-in-class providers and check out what integrations are available. For example, data backup and recovery solutions should offer straightforward integration with tools for SIEM, SOAR, and identity management to minimise security gaps and increase efficiencies. These types of collaboration are vital to support customers and their multifaceted security requirements.
The current trend of partnerships between vendors will increase as data protection and security continue to evolve hand-in-hand to unite against the threats posed by cybercriminals. The growing choice of integrated tools, together with the combined expertise of compliance and security professionals, will simplify deployment and management as well as deliver powerful defences against the onslaught of cyber attacks.
Jason Gerrard is Senior Director of Systems Engineering at Commvault