By John Ward – Data protection is certainly more important than ever before, due to proliferating cyber-crime and an expanded attack surface in which work-from-anywhere (WFA) employees are accessing – and using – enterprise data anywhere and everywhere.
The risks to data have grown exponentially. Not only can it be hacked and exposed, it can also be locked down in a ransomware attack, leaked accidentally, corrupted or lost. Whether it is stolen or lost, the impacts can be equally devastating for organisations.
While encrypting data, incremental backups daily, weekly, monthly and yearly, and regular tests of backups and tape drives remain standard best practices, many organisations also back up to the cloud for peace of mind. The problem here is that whether you’re backing up to tape drives or the cloud, malware can end up in the backup environments too.
Having backups sent offsite to a platform that can disconnect is key. However, the 2021 Global Ransomware Survey by FortiGuard Labs found that only 58% of respondents were relying on offline backups to protect data from ransomware. This indicates that there is room for improvement; but these measures are just a part of the puzzle when it comes to ensuring data is safe.
Protecting data in its entirety
Taking care of data through its entire lifecycle from beginning to end, in its entirety, while taking a platform approach, is the way to go when protecting data backups.
Truly protecting data demands controlling access to it wherever it resides, protecting it at rest, in transit and in use.
And organisations must protect that data as it flows across internal, external platforms and the public Internet. Without the right protection in place, organisations are putting themselves at significant risk. This may include employees creating new instances of data at rest by copying and pasting a file to a laptop or sharing data with unauthorised people in a spreadsheet or zip file.
The actions are often banal, but the potential impact can be devastating. In fact, according to the Ponemon Institute’s annual Cost of a Data Breach Report, the average total cost of a data breach is nearly $3,92-million, with an average of 25 575 records being stolen or compromised.
A key first step for organisations is to classify their data; determine what data can and can’t leave the company, what data should be reserved for authorised users only, what data is highly sensitive, etc. Having classified the data, the appropriate access can then be put in place, using for instance a zero trust model with multifactor authentication (MFA) to minimise the risk of lost credentials.
Once inside an organization’s infrastructure, segmentation is critical to ensuring that a threat actor or malware in one area is not able to move unhindered throughout the network and escalate privileges. Solutions that automatically detect anomalies and raise alerts when anomalous activities are detected are crucial. They can significantly reduce the time to detect and respond – commonly referred to as MTTD (mean time to detect) / MTTR (mean time to respond).
In addition, given the proliferation of SaaS applications that organisations now rely on for their daily operation, these represent a new challenge for data protection. Visibility and control are critical and demand the use of Cloud access security broker (CASB) offerings that are tailored to addressing the specific risks these SaaS services bring.
By interfacing to these services, CASB offerings identify and even stop the numerous risks and policy violations that may occur, including the exposure or downloading of sensitive data.
Security is a journey but the right path is paramount to protecting your most precious asset – data. Taking a platform approach offers a modular but integrated and collaborative framework that enables organisations to grow and expand their secure maturity as their expertise, their budget, and their priorities evolve.
This platform approach not only simplifies this task, it also increases its effectiveness. This journey is supported by enablement: rely on the training programmes, support and expertise that good partners offer. Knowing how to leverage and integrate each of these elements is key to success.
John Ward is the principal and SME for cloud technologies: Africa at Fortinet