Instead of thinking of security as a prevention tool, firms must incorporate it into product design from the start so that the architect systems are impenetrable
In the new digital era, where data is growing at an unprecedented rate by the second and where organisations are quickly becoming data-first, one thing has become crystal clear. That the “this is good enough” approach by businesses, across the globe and in India, is no more acceptable when it comes to safeguarding the most precious capital, i.e. data, from an external intrusion. Ever since businesses have become increasingly dependent on their data to fuel innovation, drive new revenue streams and so on, Information Technology decision-makers have not just been evaluating their current data protection preparedness but have also been ramping up their investments in this regard.
However, over the past few months, since organisations have been fixated on quickly transitioning towards remote working due to the Coronavirus pandemic, they might have missed out on something vital that they should have been focussing on and that is the threats that come along with this work culture. As a result, the world and India with it, has been witnessing a steady uptick in the instances of cyber attacks.
For example, as per a recent report, India witnessed a 37 per cent increase in cyber attacks in the first quarter of this year as compared to the last quarter of 2019. The data also show that India now ranks 27th globally in the number of web-threats detected in the first quarter of this year as compared to when it ranked on the 32nd position globally in the fourth quarter of 2019. India also ranks 11th worldwide in the number of attacks caused by servers that were hosted in the country, which accounts for 22,99,682 incidents in the first quarter of this year as compared to 8,54,782 incidents detected in the fourth quarter of 2019, says the Kaspersky Security Network report.
Another report claims that data of over 21,000 Indian students, including their Aadhaar cards, photos and so on, have been put on sale on the Dark Web. Another instance of data being leaked on the Dark Web came to light in June, with a massive data packet — nearly 100 gigabytes in size — being put up for sale. The data comprises scanned identity documents of over one lakh Indians, including passports, PAN cards, Aadhaar cards, voter IDs and driver’s licences. Thus, given the rising data security concerns and incidents, chief technology officers (CTOs) need to look for a holistic approach towards data protection and management. Now, they need to be cognisant about how to respond, recover and learn in case a cyber intrusion occurs. Here are a few tips for CTOs that will help them redefine their data protection strategy.
Drift away from security to resilience: With the evolving nature of cyber attacks, it’s time for businesses to stop reacting and start anticipating. Loss of critical data has the power to not just cripple a company in no time but also damage its reputation for the long-term. Hence, instead of relying on traditional methods of data security i.e. identify, protect, detect, respond and then recover, organisations must imbibe state-of-the-art resilience strategies i.e. learn, respond, monitor and anticipate.
Adopt a security strategy ingrained in product mindset: Businesses must not only think about making security intrinsic to technology infrastructure but also aim at enabling security professionals become intrinsic to future product development. They need to transform into a data-first and product-first mindset organisation in order to be able to remain competitive in the future. Thus, instead of thinking of security as a prevention tool, the need of the hour is to incorporate it into the product design from the beginning so that it will make the architect systems and processes impenetrable.
The key to a winning strike is the right digital partner: In the past, businesses have been using a hit and trial method with regard to choosing their digital partner and this approach has brought in more vulnerability to their sensitive data assets. As per a report by Vanson Bourne, organisations in the Asia Pacific and Japan, which were relying on more than one data protection solution provider, were almost four times more vulnerable to a cyber incident that prevents access to their data. Hence, in order to combat the external threats, businesses must choose a single technology partner that delivers multi-platform security.
While it is critical to invest in the right technologies, it has also become utmost important for businesses to ramp up their education and awareness levels to stay abreast with new security threats. Therefore, to end the constant tussle between finding the right data protection architecture and keeping up with the modern security approaches, CTOs must focus on strategies that redefine their data protection ecosystems from time to time.
(The writer is Director and General Manager, Data Protection Solutions, Dell Technologies)