Why organisations will need to rethink data protection

By Mick Bradley, VP EMEA at Arcserve

2020 has unquestionably been the most disruptive year to businesses in recent memory. Not only have company IT infrastructures had to immediately adapt to completely new ways of operating as result of remote working, but they have also had to face a litany of ever evolving cyberthreats.

Cybercrime is running rampant. In fact, the NCSC’s global report shows that over 2.3 million malicious emails were reported and over 166,000 phishing URLs taken down. Ransomware is a particularly ever present and growing threat to many industries. The severe consequences following a ransomware attack are well known - you only have to look as far as Blackbaud incident, which affected a range of industries, including education, government, and healthcare organisations across the global. Despite the cloud provider reportedly stopping the ransomware attack, they still paid cybercrooks and undoubtedly suffered significant reputational damage.

As we continue to transition into another year, it is clear that these issues will persist. Criminals will continue to attempt to exploit organisations in every industry, so it is vital that businesses have the knowledge of what risks lie ahead in 2021 and how they can prepare to combat obstacles they may face.

Cyberattacks on critical infrastructure will be the biggest threat to operations

Cyberattacks on critical infrastructure and industrial control systems have been increasing and they’re not likely to drop off in the new year. Criminals are making lots of money, £4 million on average for every successful ransomware attack, and will continue to do so until it becomes a standard procedure to implement strong and strict security practices. These kinds of attacks are poised to become one of the biggest threats to society in the next year, as threat actors look to cause more disruption and damage to secure ransom payments.

For example, disruption to critical operations for organisations working in industries such as oil and gas, can’t afford to be hampered so paying ransom demands seems all too easy in comparison. If their operations ground to a halt, their entire workforce and revenue streams cease as well, critically endangering the organisation’s entire existence.

Companies must expand data protection and security protocols to account for changes to their risk landscape. Many businesses are already at tipping point, any loss of earnings or damage to IT infrastructures could result in operations grinding to halt for good. Implementing business continuity and disaster recovery plans can mitigate the risk of these attacks causing irreparable damages to vulnerable industries under the microscope of cybercriminals.

Protecting container data will be key

Data has for a long time been a hot topic on the eyes of many organisations. The pandemic has become a catalyst for the adoption of more digital technologies, spawning an even greater wealth of data for organisations. Due to this, we will see containers become more widely adopted and the role that data protection companies play will evolve. Data security in DevOps and container environments has been treated as an afterthought, so it will be up to data protection providers to show companies how to manage and protect container data, so it is not vulnerable to loss.

Next year, we can expect to see more partnerships established between data protection companies and those using containers to guide implementation processes and help develop a strong data backup and protection plan for container data. This has been a major trend that we have already begun to see amongst other emerging technologies with companies looking to establish better collaborations within their relationships.

Rethinking what and where data needs to be protected

With massive changes to operations over the last twelve months, organisations need to take a hard look at their data protection protocols, creating a greater need to protect growing digital workplaces that may have previously been deemed “not worth it,” including remote employee devices. Many are using their own personal devices for work and these often do not have the same level of cyber protection, potentially leaving the organisation at risk.

Since it does not seem like remote work is going anywhere anytime soon, companies will need to re-tier their data, systems, and applications to ensure they do not lose data being generated outside of the office. Many businesses will store more data in the cloud to help solve for this, but it will also be important for them to develop more robust plans cloud backup and recovery plans, too.

What is clear is that as we move into the new year a lot has changed in terms of our behaviour with data and the threats we are facing today are more widespread, some of which entirely unseen before. Companies cannot afford to relax now if they have gotten through 2020 unscathed. Instead, they need to address what they might face in the coming months and adjust their data habits and protection protocols before it is too late.