While India Inc. has progressed exponentially with digital transformation, securing mission-critical data remains an area where business leaders lack confidence. Data management cannot be an afterthought in the data era especially as cyber-threats and ransomwares become increasingly sophisticated. The first step for drawing a future ready cyber resiliency action plan is recognising the gaps existent in the organisation.
Cyber resilience involves a strategy to mitigate the impacts of cyberattacks and resume operations after systems or data have been compromised. Cyber resiliency requires addressing the areas of the business where a threat or incident can do the most damage to critical data.
While cybersecurity solutions are focused on protecting systems and networks from malicious attacks, cyber resiliency helps ensure that the damage from attacks is minimised.
Ransomware threats have made over a 13% jump over the last year globally with an average of over 11 million attacks everyday. India continues to be one of the countries most at risk with over 200,000 attacks recorded every day by the Indian Computer Emergency Response Team (CERT-In) in early 2022. Recent reports share that there have been over 18 million cyberattacks in India in just the first quarter of 2022, out of which over 30,000 were tech support scams.
It is clear that cyber attackers recognise the value data has over businesses. The impact could be worse if the attackers hold a business at ransom, use the data for corporate espionage or sell business data for commercials. Hence it is crucial to work on areas where a business might be lacking in a strong IT action-plan. Some of the areas where businesses will need to draw their attention to, are:
- Security is far too siloed – Cybersecurity has gotten defined within the confines of different development teams each building to their narrow functional lens, so it doesn’t play well across an organisation. Security has to be purpose-built to detect and mitigate threats, aligned with overall business objectives.
- Digitising without security infrastructure – As organisations hasten their pace of digital transformation, many of them make rapid technology changes without considering the security implications. In this data era, security transformation must accompany digital transformation.
- Afterthought on security integration – Security applications have long been bolted-on and some have been an afterthought when creating new technologies. Often, security integration is not considered until after applications and processes have been developed, and then the framework is adapted to fit over existing operations as best it can.
- Starting business IT roadmap with misconceptions around security – There is a misconception that only certain sized businesses or industries are targeted for cyber-attacks. Organisations overlook their security planning and only focus on preventing an attack. Organisations must instead operate with the assumption that an attack is just a matter of time, in spite of the best defences possible, and have a rapid recovery strategy in place.
As Indian businesses progress in the era of digital transformation, it will be crucial to assess the cyber-resilience framework in their organisation. A cyber recovery solution solves these challenges by providing analytics and forensics to quickly determine the last known good, trusted copies to recover. The most effective cyber resiliency strategies involve using best practices involved in protecting data. This includes ensuring the right level of access controls, immutable copies of data, anti-virus and anti-malware.