As cyber attacks soar, a data recovery plan must be fully integrated within the business and align with its cloud strategy

During these extraordinary times, when the world is fighting against the deadly COVID-19 pandemic, other threats like the danger of catastrophic cyber attacks have fast mushroomed alongside. As business leaders come face to face with rising cases across the world and in India, the need to be prepared with better data security solutions arises. The World Economic Forum’s Global Risks Report, 2020 ranks cyber attacks as the second risk of greatest concern to businesses in the coming decade. As the tools of the Darknet become more sophisticated and accessible, cyber attacks are becoming increasingly borderless — taking advantage of jurisdictional constraints of regional authorities.

According to an industry research by Frost & Sullivan, 46 per cent of Indian organisations that are in the process of digital transformation have encountered a security incident in 2019. In fact, as per another industry report released recently, India witnessed a two to three-fold increase in the number of cyber attack incidents during the ongoing lockdown that began on March 25.

As it is, cybercrime constitutes a serious problem for India even outside of crisis periods. India was among the top five most targetted countries in the world by cyber criminals in recent years, reflecting the significant amount of work still outstanding in strengthening the nation’s cyber defences. Though it is a positive development that more than 550 million Indians have connected to the Internet in recent years, fuelled by rural growth, this comes with its own set of problems. The rapid proliferation of Internet users and of the Internet of Things (IoT) has also left the country’s public and private sectors vulnerable. We are seeing more and more large-scale data loss and the rise of ransomware attacks — so business resilience planning is key to survival.

Why medium-sized businesses must act now: Reacting in real time to a cyber attack is already too late. Managing the risk requires agility, meticulous alignment across the business and testing to maintain awareness. It is all about being proactive rather than reactive. Cyber resilience is more important than ever as medium-sized businesses assess their risk of being attacked, whether at the hands of criminals or as collateral damage in cyber warfare. Any data loss can put the nails in the coffin for unprepared businesses. While today’s business leaders may hope to evade the hit-list, it is a matter of “when” not “if” an attack happens.

Defending against catastrophic data loss: Defending a medium-sized business from the worst-case scenario and mission-critical data loss requires cyber security expertise and a holistic approach to resilience. Awareness needs to be built across the business —this is not just a technical problem. Synergy between technology and business processes is where true resilience is attained. Leaning on cyber experts when it comes to planning and implementation will help businesses identify key applications, recovery times and objectives.

Every arm of the business needs to understand where its most sensitive data and services are parked and the level of risk around them. To understand the level of risk, an agile approach is needed because risk changes along with the business landscape. For this reason, regular scans and analysis of the internal landscape are essential to understand these changes and the impact.

Protecting a huge portfolio of assets is not easy, especially as it expands. But every business must understand what its DNA is — that’s the critical 10-15 per cent of data that must be protected at all costs. This is the lifeblood of an organisation and, in the event of a cyber-attack, is the difference between its life and death. It is business-critical and must be decided upon with a holistic view. For some organisations, this can often lead to analysis paralysis — the desire to save it all. In the same way that we would only carry our most essential belongings from a burning home, businesses must decide upon their most prized data so that it can be protected and used to recover the business in the aftermath.

There is a cure: The good news is this process can be simplified by data protection and cyber-security services that enable organisations to establish policy-driven automated workflows to move business-critical data into an isolated environment and lock it down in less than five steps. This is called a cyber-vault, the ultimate protection for a business’ DNA.

In the event of an attack, this data will help businesses to recover. When responding to cyber incidents and working to bring critical systems and data back online, accuracy and simplicity matter. A cyber recovery plan must be fully integrated within the business and align with its cloud strategy.

Businesses are increasingly aware of the dangers of a cyber attack but they need to truly invest in cyber resilience in order to shore up the gaps in the ever-changing work environment. And cyber security expertise is vital. The clock is ticking, it’s not a matter of “if” but “when” and businesses need to be prepared.

(The writer is Director and General Manager, Data Protection Solutions, Dell Technologies)