We All Must Become Data Protectionists
November 15, 2022

Simon Taylor
HYCU

Data breaches cost US companies an average of $9.4 million(link is external) — and by 2031, ransomware attacks will happen every two seconds(link is external). To address the scourge of cybercrime, we must all become data protectionists.

It's no longer strictly an enforcement issue, governmental concern or business data issue. Cybercriminals target vital organizations like healthcare, education and infrastructure, threatening our safety, and our lives. With each successful breach and ransom payment, hackers grow more emboldened and continue to wreak havoc. The honest effort to fight these global attacks needs to begin at the local level. With data as our most valuable and exploitable asset, all organizations must invest in protection, period. It's the foundation for backup and, ultimately, for recovery in the inevitable event of an attack where hackers hold data hostage.

To prepare effectively with today's IT solutions is challenging. Nearly two-thirds of business leaders(link is external) lack full confidence in their legacy backup solutions — a sobering statistic. New companies, especially, face challenges instituting backup procedures. Established organizations typically have IT departments to manage cybersecurity, but many start-ups are cloud-native and lack the resources to hire dedicated IT staff. Contrary to popular belief, cloud services don't secure your data. Under the practiced cloud-sharing model, cloud services merely hold the data — it's up to you to protect it.

These three steps can protect your data regardless of your organization's size or age.

1. Be prepared to recover from breaches

Hackers are tenacious, making it crucial to create data protection processes. But you can't stop there. You must assess your preparedness by evaluating your data storage practices and recovery capabilities. In addition to a secure backup process, you must create and practice a step-by-step restoration strategy.

With that in mind — do everything you can to prevent a breach. Start with consistently updating software and hardware to patch known vulnerabilities. Maintain an inventory of devices connected to the network. Consider hiring a managed service provider to oversee data protection. Smaller or newer companies lacking the resources to do it themselves benefit especially from this service.

The other factor you can't neglect? People. More than 80% of data breaches(link is external) involve a human element. To protect against these attacks, require multi-factor authentication for your data, limit access and password-sharing and train your employees to recognize common phishing, social engineering and other hacks and their associated risks.

We can't bury our heads in the sand. With ransomware as a service (RaaS) making hacking more accessible and the growing sophistication of attacks, no prevention strategy is fool-proof. That's where these next steps come in.

2. Back up data with the 3-2-1-1-0 rule

Backing up your data is a requirement. So what's the best way to do it? Observe the 3-2-1-1-0 rule. Back it up three times with two copies stored via different media or locations. Store at least one backup copy offsite or in the cloud and one totally offline. And you must ensure there are zero errors in your data by checking the backups daily to confirm they are storing the crucial data and immediately correcting any issues.

Just because you possess data copies doesn't guarantee you can restore damaged files. Backups are only as good as their recovery plans.

3. Prepare a ransomware recovery plan

When hackers demand — and companies pay — a ransom, there's no guarantee the hackers will release the data. Only 4% of companies(link is external) that pay a ransom have all their information returned. Even if you do receive your data, the restoration process is tricky. It requires identifying and removing any compromised data and a thorough database inspection before using backups to restore and reset. Whether you pay a ransom or not, the recovery process is still complex and could cause excessive downtime and lost revenue. So how do you circumvent these challenges? Plan ahead.

It is important to note — a ransomware recovery plan is not the same as a disaster recovery plan. Unlike recovery from a natural disaster or human error, ransomware recovery is necessitated by a threat or criminal activity. The primary goal of a successful plan should focus on business restitution without the loss of business continuity and the ability to recover all of your data without paying a ransom. A proper strategy can enable recovery in minutes — not days or weeks. Most processes involve backup software, hardware, Backup as a Service (BaaS) or some combination of these elements. The ransomware recovery plan should balance a company's internal capabilities and risk tolerance.

Equally critical — everyone involved in the procedure must maintain and practice the plan. Write down each step and regularly review the process. Run a simulated hack to verify the strategy's effectiveness, and set a schedule to review and update it as circumstances and business needs evolve. Organizations that tested their plan saved $2.6 million(link is external) compared to those that didn't.

Ending cybercrime requires a group effort. Each organization must assume responsibility for its own data protection. The more difficult it becomes to hack into an organization, the more cyberattacks fail — and the less incentive cybercriminals have to continue their assault. Prevention through proactive strategies across all industries offers the best defense to protect individual and company data. We all bear responsibility in this fight — we must answer the call to become data protectionists!

Simon Taylor is Founder and CEO of HYCU
Share this

Industry News

February 18, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Check Point CloudGuard solution has been recognized as a Leader across three key GigaOm Radar reports: Application & API Security, Cloud Network Security, and Cloud Workload Security.

February 13, 2025

LaunchDarkly announced the private preview of Warehouse Native Experimentation, its Snowflake Native App, to offer Data Warehouse Native Experimentation.

February 13, 2025

SingleStore announced the launch of SingleStore Flow, a no-code solution designed to greatly simplify data migration and Change Data Capture (CDC).

February 13, 2025

ActiveState launched its Vulnerability Management as a Service (VMaas) offering to help organizations manage open source and accelerate secure software delivery.

February 12, 2025

Genkit for Node.js is now at version 1.0 and ready for production use.

February 12, 2025

JFrog signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS).

February 12, 2025

mabl launched of two new innovations, mabl Tools for Playwright and mabl GenAI Test Creation, expanding testing capabilities beyond the bounds of traditional QA teams.

February 11, 2025

Check Point® Software Technologies Ltd.(link is external) announced a strategic partnership with leading cloud security provider Wiz to address the growing challenges enterprises face securing hybrid cloud environments.

February 11, 2025

Jitterbit announced its latest AI-infused capabilities within the Harmony platform, advancing AI from low-code development to natural language processing (NLP).

February 11, 2025

Rancher Government Solutions (RGS) and Sequoia Holdings announced a strategic partnership to enhance software supply chain security, classified workload deployments, and Kubernetes management for the Department of Defense (DOD), Intelligence Community (IC), and federal civilian agencies.

February 10, 2025

Harness and Traceable have entered into a definitive merger agreement, creating an advanced AI-native DevSecOps platform.

February 10, 2025

Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.

February 06, 2025

GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.

February 06, 2025

Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.

February 06, 2025

Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.