Businesses throughout Asia-Pacific continue to focus on gaining a competitive advantage by transforming their digital business models, accelerating their digital transformation and innovation, adopting more and more cloud applications and strengthening their digital ecosystems.
However, all these digital and transformative efforts are resulting in ever-proliferating data, which not only requires a greater and modern approach to managing but expands the attack surfaces of businesses as malicious actors seek to attack this most valuable business asset.
This data management and protection challenge becomes even more complex as businesses expand their cloud environments to multi-cloud environments, and either adopt or double down on a hybrid model of storing their data.
According to Deloitte, the demand for public cloud services in Asia-Pacific is projected to continue growing and surpass US$116 billion by 2024. With IDC forecasting that within the next two years, “as-a-service” solutions will support critical multi-cloud needs for nearly 60% of enterprises in the region.
Therefore, the data management and protection challenge facing business is only going to intensify. Next-gen data management approaches and platforms empower businesses with the capabilities to keep pace with their digital transformation, and its resulting data generation, while increasing their security postures.
Digital businesses need a level of agility, flexibility and scalability that traditional or legacy data management technology is not capable of delivering.
Legacy solutions were not designed to be integrated within the modern IT environment of today, stand up to the sophisticated cyber threats of today or securely harness data for valuable and actionable insights.
Legacy data management solutions also add to complexity in a multi-cloud or hybrid cloud environment, as they force organisations to have to manage myriad products from different vendors, resulting in “do-it-yourself” IT processes and policies, and even bespoke technical solutions to be developed so that they remain functional, all of which lead to higher costs and time demands.
These limitations of legacy technology that worsen the challenge that organisations have in managing their ever-growing data proliferation are only going to get worse as new applications and technology are adopted.
However, the more alarming challenge lies in protecting business data against the rapid growth and evolution of ransomware that seeks to disrupt and destroy business continuity by attacking data. Concerningly, EY’s 2021 Global Information Security Survey (GISS) has found that defences to mitigate ransomware were a sticking point for over half of Asia-Pacific businesses.
While organisations in Asia-Pacific may be capable of defending against the relative lack of sophistication that is typical of the first level or evolution of ransomware attacks (Ransomware 1.0), which can be mitigated with traditional backup and recovery solutions, the second and third evolutions of ransomware — commonly seen today — require greater capabilities than legacy data management technology provides to mitigate their devastating effects and maintain cyber resilience.
The second evolution of ransomware attacks (Ransomware 2.0) focuses on destroying backups first, then encrypting production data. This type of attack is designed to reduce the target’s ability to recover operations from backups, which limit the attacker’s ability to demand ransom. More recently, in the third evolution of Ransomware (Ransomware 3.0), the ransomware attacks are focused on encrypting, exfiltrating or stealing data to expose the data to sell it unlawfully as part of double extortion schemes.
Stopping attackers that employ sophisticated tactics and evolving ransomware approaches requires next-gen data management capabilities, including alignment with zero-trust security principles, leveraging of AI-powered insights and anomaly detection, and integration with third-party security solutions.
Failure to manage data — which reduces a business’ attack surface — and deploy solutions that protect data in the increased cyber threat landscape of today will continue to result in a significant number of the region’s businesses having to make payouts to retrieve affected data. Unfortunately, this is becoming a real eventuality for businesses, with IDC finding nearly half of businesses in the region willing to make payouts to attackers. Our recent survey — conducted by Censuswide — of more than 2,000 IT and SecOps professionals in the UK, US and Australia revealed that 74% believe the threat of ransomware to their industry has increased in the last year and almost one in two (47%) said their organisation had been the victim of a ransomware attack in the last six months, demonstrating the very real threat that ransomware poses.
By significantly raising the cybersecurity stakes, malicious actors and ransomware attacks have shifted the focus far beyond the established notions of perimeter, network and application, and security controls. While the threat landscape continues to challenge organisations’ cyber resilience, delivering data security and trust at scale requires modern solutions that are designed to stay ahead of the curve.
At a business and IT operations level, next-gen data management capabilities empower businesses to scale and still effectively manage and protect their data. Beyond enabling unparalleled flexibility and increasing operational efficiency, which reduces the costs of ownership, next-gen data management platforms help mitigate data sprawl by providing data visibility throughout hybrid and multi-cloud environments.
Not only is this a crucial capability that organisations require to effectively manage and protect their data, as it is a common contributor to data privacy and breaches, it also helps their compliance with data privacy legislation and regulation.
Amid this cyber landscape fraught with threats, including a third evolution of ransomware, delaying modernising data security and management will come at the peril of businesses. It is now imperative that enterprises augment their security strategy to incorporate a next-gen data management approach and, where necessary, technology that both integrates and elevates their ransomware protection, detection and response.
Next-gen data management platforms enable organisations to increase their cyber resilience and mitigate the impact of cyberattacks by providing them with the ability to both protect and defend their business processes and data from being taken hostage, with measures such as immutable backup snapshots and WORM (Write-Once, Read-Many). WORM is a data storage technology mechanism that stores un-erasable and/or unmodifiable information after it has been written on a drive.
Cohesity’s DataLock (WORM) capability offers artificial intelligence-powered detection and analytics to identify near real-time anomalies and indicators of malicious data exfiltration, and to better respond to a successful attack with automated rapid recovery that delivers on the speed, scale and reliability that organisations need as the backbone of their security posture and cyber resilience.
Now, more than ever, businesses need to raise their cyber resilience to reduce disruption and downtime in the event of attacks, as this is a competitive advantage in a digital world where business never stops.
However, a solid state of cyber resilience can be afforded only by modern data management approaches and platforms that harness cutting-edge technology to integrate and protect hybrid or multi-cloud environments, provide end-to-end data visibility, and have the necessary data protection and recovery features to respond to cyberattacks — especially ransomware.
Sheena Chin is head in Asean at Cohesity, a security-focused data management company.