Data has often been likened to the ‘new oil,’ a comparison that remains apt in today’s landscape. It’s widely acknowledged that access to vast amounts of data enhances a business’s ability to refine its internal strategies, leading to more effective client interactions and ultimately driving positive outcomes for the organisation.
So says Lloyd Timcke, Regional Director – Africa and Israel for Zero Trust data security company, Rubrik, a vendor partner to trusted cybersecurity specialist Exclusive Networks Africa, who explains further. “After having seen first-hand, from the early days of ‘Big Data’, the real-world use cases that that have helped to improve decision making, efficiency and revenues, as well as reduce costs all over the industry, the significance of data in shaping modern business strategies cannot be overstated.
“These data-driven tactics have completely changed the way in which organisations operate today, and how they service their clientele. For instance, consider advancements in the medical industry alone: being able to analyse thousands of cases and data sets in seconds, and then using this information to provide guidance to improving a patient’s well-being, is helping to save people’s lives.
“As another example, financial services companies can now model their clients’ data in milliseconds to offer better experiences, or even loans, based on decision engines processing data. This amount of data would previously have taken humans days to analyse, but today these almost instant results have become commonplace.”
Getting a handle on the data deluge
For years now, we’ve all been aware of the rapid growth of data but, in truth, the data explosion has outstripped all expectations.
“In 2008, Wired Magazine declared that we were entering the ‘Petabyte Age’[1], and in 2014, analysts were preparing companies for a ‘big data explosion’ driven by the advent of social media, and mobile and web advertising. A recent global study by Rubrik[2] shows that a typical company’s data grew by 42 percent between 2022 and 2023, with cloud data increasing on average 73 percent year on year, and software-as-a-service (SaaS) data by 145 percent.
“The sheer amount of data available today has underscored the importance of getting to grips with understanding where it lives, what sensitivity that data yields, and which compliance category it needs to fall into, as well as how the business can use and hold this data.”
Data’s biggest threats
Timcke emphasises that as data volumes surge, so do the risks associated with its protection. “We know that data is growing exponentially, and the use cases increase to deliver value, but this also makes businesses incredibly vulnerable to bad actors and people who want to take advantage of the companies holding and relying on this data.”
Rubrik’s ‘The State of Data Security’ paper states that 99 percent of organisations surveyed suffered an attack last year, with 53 percent of these businesses experiencing a material loss of sensitive information.
So, with these figures in mind, it’s clear that a mind shift is required, one that takes organisations to an ‘assume breach’ mentality. This means asking the difficult questions about recoverability and resilience, including:
- How confident are we in our ability to get our business up and running after an attack?
- How can we test and validate whether our recovery plans work?
- How can we run security tests and assessments that allow us to evaluate our response and recovery plans?
By ensuring that technology leaders are asking the right questions and interrogating their current backup systems to ensure resilience, businesses are better equipped to deal with market shifts and face risks head on.
Generally, Timcke explains, there are two types of risk associated with a company’s data.
The first, time-based risk, centres around business operations and resilience: how quickly can the business remediate in the event of a data or cyberattack and return to operations? The second, which is data sensitivity risk, is based on understanding where sensitive data is stored and exposed, including points such as where this data lies, who has access to it and the impact with regards to reputation, regulations and compliance.
So, while data has effectively helped to provide positive results for businesses, it also brings with it a number of considerations that need to be addressed to avoid possible negative impacts.
The data management market has seen a significant shift towards ‘data resilience and security’, and this is represented in the changing dynamic of the market and requirements. Legacy technology was never built to be resilient in a secure manner, but it is now mandated now to include cyber recovery as part of a security strategy for many organisations.
Meeting compliance requirements
Compliance with regulations such as the South African Protection of Personal Information Act (POPIA) and the EU’s General Data Protection Regulation (GDPR) is another factor affecting local companies, and their focus on data governance, says Timcke.
“We have seen recently that there is an increase in legislation around both POPIA and GDPR being enforced, making it a business-level risk, with implications for businesses, their profitability and their reputation, and a challenge that must be addressed at board level.
“In South Africa, there is then the requirement from the South African Reserve Bank and the Financial Sector Conduct Authority (FSCA) to comply with the Joint Standards for Cyber Resiliency, which will come into force shortly once ratified by Parliament. This will require organisations to ensure cyber resilience, by detecting and recognising compromise with the required ability to recover and resume services timeously – with specific requisites for data to be restored with a logical air gap.
“So now we also have massive regulatory requirements coming into effect, with a huge increase in cyberattacks and activity in Africa – meaning that businesses are required to protect and mitigate against this risk, while facing the possibility of huge regulatory fines and other consequences, like imprisonment in some African countries. This beg the questions: do businesses decide against compliance and prepare to face an attack where they may not be able to recover timeously?”
A
s a last word
“In my opinion, with the exponential growth in data, the enhanced ways in which we use and acquire sensitive data, and the explosion of cloud and SaaS-based application use, businesses need to ensure that they have a modern and automated approach to protecting and securing data, in a zero trust framework, with an ‘assume breach’ mentality.”
As part of its strategy to delivers a best-in-class cybersecurity and digital infrastructure technology portfolio, Exclusive Networks Africa understands that many organisations still have a disconnect between how organisations behave and how their experts feel about their data security approach.
“Cyberattacks in Africa are only gaining in impetus, so it is becoming increasingly important for local organisations to improve their cyber resilience, or ability to recover from an attack,” comments Anton Jacobsz, managing director at Exclusive Networks Africa. “Rubrik’s solutions are able to assist here, not only by mitigating risk, but also by ensuring that businesses know where their sensitive data resides, that they have ransomware-proof backups in place, and are able to restore data quickly for business resiliency.”
For more information on Exclusive Networks Africa’s focused cybersecurity offering, please visit https://www.exclusive-networks.com/za/
[1] https://www.wired.com/2008/06/pb-intro/
[2] https://www.rubrik.com/zero-labs?utm_source=linkedin-organic&utm_medium=organic-social&utm_campaign=7016f000002BQx4&utm_content=141123&gh_src=2c3b02b81us