Organizations have been doing backup and recovery for decades and many feel that they have reactive data protection under control. If an event like a power failure or natural disaster takes down their data center, they just use their replica site hundreds of miles away to continue operations and, if need be, recover their data from disk or tape or cloud storage as needed. It’s a pretty well-understood practice.

However, enterprises are now seeing the impact of cyberattacks such as ransomware, which alone is poised to exceed $265 billion in global damage costs by 2031. These problems differ from natural disasters or hardware or power failures in that someone is actively trying to prevent you from succeeding with a traditional recovery approach.

Plus, cyberattacks are getting more sophisticated – and that’s only accelerating with the advent of artificial intelligence, which has the ability to write and improve upon code. And launching a cyberattack is now easy with ransomware as a service, which means that people don’t need deep expertise to hold your data hostage or steal your data and sell it on the dark web.

It’s also important to note that bad actors are now targeting the configuration files of applications and the datasets you would traditionally use to try to recover from an attack. Making it harder to get back to normal operations makes targets more willing to pay ransom.

These harmful entities are also going after data like personally identifiable information and payment information, which are covered by regulatory requirements, and more data regulations are coming soon. The European Union’s Digital Operational Resilience Act (DORA) takes effect in January 2025, and similar requirements are likely coming to the Americas and APAC region.

The fact that the National Institute of Standards and Technology recently introduced the NIST Cybersecurity Framework 2.0 signals this new and evolving data and cybersecurity landscape.

This new landscape is extremely complex to navigate – especially in an environment where cybersecurity experts are costly, hard to keep, and in short supply. It calls for a new approach to data resilience, one that combines cyber readiness with traditional data protection.

To achieve operational resilience in this landscape, we believe there are seven critical layers to a proper data resilience strategy:

  • Monitoring, posture assessment, testing, and incident response
  • Anomaly detection and malware scanning
  • Pen/patch/upgrade testing and DevSecOps
  • Forensics and recovery in minutes
  • A diverse partner ecosystem for compliance
  • Efficient, dependable backup and recovery
  • Reliable, secure, immutable infrastructure

Here’s how to secure your future with these seven critical layers.

Start with a posture assessment

Imagine you’re a brokerage and your average cost of downtime is $5 million an hour. If you got hit with a ransomware attack, could you survive being offline for two, three or four weeks? If your business goes offline because you can’t access your data, what does that do to your bottom line? What will you owe in regulatory fines? How will this impact customer trust?

It’s a massive problem that could result in a huge – potentially fatal – hit to your business.

Don’t panic. Take a step back. Employ your internal experts and/or work with a trusted partner to understand your cyber resilience, data protection, and overall operational resilience posture.

Bring in an independent voice

This is a broad remit. No one person in your organization will be able to identify the problem.

Also, be aware that internal teams might have blinders on. Your network team will likely think that the network is fine. Your infrastructure team will say the infrastructure is great. Or perhaps these teams will elect to use this exercise as a way to get extra budget in a predetermined area.

Bring in an independent voice to help you get a more realistic assessment of your posture. A third party who will have no agenda other than helping you understand where you are today, define your goals, and make the right decisions around the people, process, and technology you need.

Understand reactive technologies are no longer enough

Reactive approaches alone may have worked in the past. But in today’s world of frequent and increasingly sophisticated attacks, you need to be more proactive and much, much faster.

Move to a posture in which you are using artificial intelligence both to monitor for anomalous activity and scan for malware in your environment. Embrace the power of automation to act, whether that’s to notify an administrator of anomalies to investigate or to rapidly isolate at-risk systems.

Address data resilience across your entire environment

The rapid growth of data and the widespread implementation of IoT, edge computing, and storage are expanding the attack surface. Now you must ensure your data center is super secure and has data resiliency, cyber readiness, and rapid recovery at scale where your data – and all of the devices that touch that data – exist. In today’s hybrid world, that’s going to be anywhere and everywhere.

That can make ensuring data resilience complex and hard to get your arms around. Work with a trusted partner with the ecosystem, people, processes, and technology to streamline your journey and provide consistent protection from edge to core to cloud.

Adopt a reliable, secure, immutable infrastructure

Chances are good that you have reliable backup and recovery. You probably also have a reasonable amount of security around it. But be sure you also have robust infrastructure, which is characterized by data immutability, consistent deployment processes, and enhanced resilience against unexpected system failures.

With these critical capabilities, you can take immutable snapshots of your database environment and ensure that file data cannot be overwritten so that if your data is encrypted, you have the previous version that you can fail back to. That, and forensic capabilities to determine the right point to recover to prior to malware entering your environment, will empower you to recover from an incident very, very quickly.
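One way to approach the recovery-point question above, as an added example (not from the original article or any product it alludes to): walk the snapshots oldest to newest and stop at the first one where previously readable files turn high-entropy, a common sign of bulk encryption. The snapshot layout (path-to-bytes mappings), the 7.5 bits-per-byte threshold, and all names and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def newly_high_entropy(current: dict, previous: dict) -> list:
    """Paths below the threshold in `previous` and at or above it in `current`.
    Files that were already high-entropy (archives, media) are not flagged."""
    flagged = []
    for path, data in current.items():
        before = previous.get(path)
        if before is None:
            continue  # new file: no baseline to compare against
        if shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(data):
            flagged.append(path)
    return sorted(flagged)

def last_clean_snapshot(snapshots: list) -> tuple:
    """snapshots: [(label, {path: bytes})], oldest first.
    Returns (label of the last snapshot before the first entropy jump, flagged paths)."""
    for (prev_label, prev_files), (_, files) in zip(snapshots, snapshots[1:]):
        flagged = newly_high_entropy(files, prev_files)
        if flagged:
            return prev_label, flagged
    return snapshots[-1][0], []

def _noise(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for ciphertext or compressed data: 4 KiB of SHA-256 output."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed sample snapshots (not real data).
LEDGER = b"account,balance\n1001,250.00\n1002,99.10\n" * 100
CONF = b"[db]\nhost=db.internal.example\nport=5432\n" * 50
ARCHIVE = _noise(b"archive")
SNAPSHOTS = [
    ("snap-01", {"ledger.csv": LEDGER, "app.conf": CONF, "logs.zip": ARCHIVE}),
    ("snap-02", {"ledger.csv": LEDGER + b"1003,12.00\n", "app.conf": CONF, "logs.zip": ARCHIVE}),
    ("snap-03", {"ledger.csv": _noise(b"l"), "app.conf": _noise(b"c"), "logs.zip": ARCHIVE}),
    ("snap-04", {"ledger.csv": _noise(b"l"), "app.conf": _noise(b"c"), "logs.zip": ARCHIVE}),
]

if __name__ == "__main__":
    print(last_clean_snapshot(SNAPSHOTS))
```

Comparing each snapshot against its predecessor, rather than against a fixed threshold alone, keeps legitimately compressed files such as `logs.zip` from being reported as encrypted.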

Don’t throw the baby out with the bathwater

You’ll also want to explore how you can do penetration, patch, and upgrade testing at scale in a way that doesn’t impact your production environment. Plus, you’ll want to manage the governance of data, including how long it is retained, who can access it, and when it should be deleted.

You may be thinking all of the above is a lot to consider and tackle. But rest assured, you don’t need to replace everything you have and rebuild your environment from scratch.

By working with a proven partner, you can identify your biggest gaps, bring the right people across your organization to the table, and decide what you need today and going forward to ensure you have the appropriate data protection, security, compliance, and cyber resilience.

The post Safeguard Your Future with Seven Layers of Data Resilience appeared first on Cybersecurity Insiders.

1. Data Resilience: Data resilience refers to the ability of data to remain available and intact despite various challenges or threats. It involves measures to ensure that data is protected from loss, corruption, or unauthorized access. Data resilience strategies typically include data backup, replication, encryption, and disaster recovery planning. The focus is on safeguarding the integrity and accessibility of data, regardless of the specific threats or incidents faced.

2. Cyber Resilience: Cyber resilience, on the other hand, encompasses a broader scope of resilience within the context of cybersecurity. It refers to an organization’s ability to continue operating and delivering its services despite cyber threats, attacks, or incidents. Cyber resilience involves not only protecting data but also safeguarding all aspects of an organization’s digital environment, including networks, systems, applications, and processes. It encompasses preventive measures, detection capabilities, incident response plans, and recovery strategies. Cyber resilience aims to minimize the impact of cyber incidents on an organization’s operations, reputation, and stakeholders.

In summary, while data resilience specifically focuses on ensuring the availability and integrity of data, cyber resilience addresses the broader spectrum of challenges related to cybersecurity, including data protection as well as the overall resilience of digital systems and operations.

How to achieve Data and Cyber Resilience

Attaining both data resilience and cyber resilience involves a combination of proactive measures, ongoing efforts, and strategic planning. Here are some key steps for achieving each:

Data Resilience:

1. Data Backup and Redundancy: Regularly back up your data and ensure redundancy across multiple locations or storage systems to mitigate the risk of data loss due to hardware failure, human error, or cyber-attacks.

2. Data Encryption: Implement encryption protocols to protect sensitive data both in transit and at rest, ensuring that even if data is compromised, it remains unreadable and unusable to unauthorized individuals.

3. Access Controls: Enforce strong access controls and user authentication mechanisms to limit access to data only to authorized personnel. Implement role-based access control (RBAC) to ensure that individuals have access only to the data necessary for their roles.

4. Data Integrity Checks: Implement mechanisms to regularly verify the integrity of data, such as checksums or digital signatures, to detect and prevent data tampering or corruption.

5. Disaster Recovery Planning: Develop comprehensive disaster recovery plans that outline procedures for restoring data in the event of a data breach, natural disaster, or other catastrophic events.

Cyber Resilience:

1. Risk Assessment and Management: Conduct regular risk assessments to identify potential cyber threats and vulnerabilities within your organization’s digital infrastructure. Develop and implement risk management strategies to mitigate these risks effectively.

2. Security Awareness Training: Provide ongoing security awareness training to employees to educate them about common cyber threats, phishing scams, and best practices for maintaining cybersecurity hygiene.

3. Incident Response Planning: Develop and regularly test incident response plans to ensure a coordinated and effective response to cyber incidents. Clearly define roles and responsibilities, establish communication channels, and outline procedures for containing, investigating, and recovering from cyber-attacks.

4. Continuous Monitoring: Implement continuous monitoring tools and technologies to detect and respond to cyber threats in real-time. Utilize security information and event management (SIEM) systems, intrusion detection systems (IDS), and endpoint detection and response (EDR) solutions to enhance threat visibility and response capabilities.

5. Collaboration and Information Sharing: Foster collaboration and information sharing within the cybersecurity community, including sharing threat intelligence, best practices, and lessons learned from cyber incidents. Participate in industry-specific Information Sharing and Analysis Centers (ISACs) and collaborate with law enforcement agencies and cybersecurity organizations.

By implementing these measures and adopting a proactive approach to data and cyber resilience, organizations can better protect their data, systems, and operations from cyber threats and ensure continuity in the face of adversity.

The post Definition of Data Resilience and Cyber Resilience and their attainment appeared first on Cybersecurity Insiders.