The ever-evolving cyber-attack
As the world becomes more digitised, the threat of cyber-attacks grows with it. With businesses moving towards hybrid-cloud and multi-cloud solutions, the question arises: how resilient are their back-up capabilities?
Electronic Specifier spoke with Sergei Serdyuk, VP of Product Management, NAKIVO, about the key challenges of the data protection industry and where it’s headed. Serdyuk, who has worked in the IT industry for over 15 years and has extensive experience in software project management, product management, virtualisation, cloud, and data protection, explains how organisations unknowingly expose their data and shares his tips for optimising back-up and recovery strategies.
What are some of the key challenges within the data protection industry?
Right now, the most challenging aspects of data protection have to do with the evolving needs of organisations. On the one hand, companies often lack a structured approach to data management, which leads to siloed data protection practices between departments, mismatching inventories, and important data left out of the protection strategy scope. On the other hand, organisations need to keep up with the evolving regulatory landscape, which can make established approaches obsolete. On top of that, there’s the usual problem of staying within the budget, which may sound trivial but is actually a formidable challenge for both small and large enterprises.
How is the data protection industry evolving to meet these challenges?
The most productive way to address these challenges is twofold: to help organisations develop efficient data protection strategies while at the same time creating solutions that provide the capabilities for implementing them. At NAKIVO, we achieve this by creating a solution that can meet the demands of modern organisations, big and small alike, and developing guidelines on how to apply this functionality best to create a data protection architecture that’s reliable and affordable.
How are organisations unknowingly exposing their data?
There are plenty of scenarios where an organisation’s data can get exposed. Let me give you an example: a situation where an employee accidentally or, in some cases, intentionally leaks sensitive documents by forwarding an email or giving access to a network folder. Another scenario is where the organisation’s IT infrastructure is not configured correctly. Any flaw, from a network port left unsecured to a SaaS (Software-as-a-Service) platform with no authentication setup or backup data stored in unencrypted form, creates the risk of exposure.
Today’s cyber criminals target not only data, but backups as well. How can organisations bolster their protection against potential threats? And if the backup is a potential target, how do you protect it?
There are two aspects to back-up data protection: keeping backups intact and available for recovery and ensuring that in the case of a breach, no sensitive data gets into the wrong hands. To achieve the former, copies of backup data should be stored in different locations and/or on various media and also in WORM (write-once-read-many) volumes. The latter can be achieved through access restrictions and backup encryption to ensure backup data doesn’t get into the wrong hands.
What advancements are there in backup capabilities and how do they surpass legacy backup solutions?
The first major advancement is applying data protection to large and dynamic environments efficiently and cost-effectively. As the infrastructure scales up, protection efforts must keep up, and legacy solutions don’t offer practical ways to solve this problem. The second advancement is the integration of modern services and hardware solutions. Data management and protection inventory tend to grow in size and complexity over time, and legacy solutions don’t provide the means for coordinating their functionality. To overcome the limitations of legacy challenges, innovative backup solutions now offer extensive capabilities for automating and streamlining data protection activities, as well as integration with popular cloud platforms and storage appliances. Keeping track of the industry trends on the part of backup vendors is vital to ensure alignment of their solution updates with potential threats, such as ransomware, where attacks become increasingly sophisticated. Regular solution updates should also be carried out to offer the most advanced and cost-efficient data protection possible.
How are these advancements helping organisations tackle the challenges previously mentioned?
The ability to adjust and automate backup runs can unify data protection practices across organisations. Properly configured backup policies eliminate the risk of security gaps due to miscommunication. At the same time, integrating modern equipment and service platforms makes it easier to manage complex inventories and improves regulatory compliance - for example, by providing access to the required functions. On top of that, both advancements help maximise cost-efficiency and keep the costs of data protection under control.
What are your top tips on the optimisation of backup and recovery strategies?
Backup and recovery are not that different from any other organisational process in need of optimisation. Start by defining the goals, then look for issues that stand in the way of achieving them. Are there too many manual operations? Find a way to automate routine tasks. Backup time is too long? Check whether you process unnecessary data. Make it an iterative process and choose a backup solution that is regularly updated to get access to necessary functionalities.
How do cybersecurity strategies differ with businesses of different sizes? For example, do SMEs need a different strategy compared to a larger organisation?
The size of an organisation is an important factor to consider when developing a cybersecurity strategy, but certainly not the only one. So, an SME will probably need a different cybersecurity approach from a larger organisation or another SME. Large organisations’ approaches may share some common traits, such as greater emphasis on test recoveries and cross-department communication, but the core principles will be relevant for a business of any size.
Would you say that there is a specific industry that is particularly vulnerable to cyberattacks?
There are industries in which data plays a critical role, and those industries inevitably attract the attention of cybercriminals. Right now, healthcare, utilities, and various government agencies seem to be at the centre of attention, making them quite vulnerable to breach. Fortunately, not every breach ends in a disaster, so ultimately, the one who’s caught unprepared is the most vulnerable, regardless of the industry.
What are the main reasons behind a cyberattack? What is the hacker hoping to achieve?
Setting aside white hat hacking, driven by the desire to improve cybersecurity, there are three main reasons behind cyberattacks. The most obvious is financial gain - most ransomware attacks, for instance, are driven by the desire to get the payoff. There’s also a growing number of ideologically and politically motivated attacks, which can be based on a hacker’s personal beliefs or endorsed by organisations and governments. Finally, some seek to test their skills and don’t really care about the reward.
What’s the disaster recovery process once an organisation has been attacked?
The details may vary, but the main steps of recovery should follow the basic structure. First, the attack should be reported to the responsible persons in as much detail as possible to initiate a response. Second, isolate the affected part from the rest of the infrastructure and, if possible, preserve it for future investigation. Once the attack is contained, the recovery of critical processes should commence, restoring essential workflows quickly. After that, full recovery should follow, bringing the operations back to normal and restoring all affected data. The final step would be to analyse the incident in order to prevent similar future attacks and reduce their impact.