By Sheena Chin, Head of ASEAN, Cohesity
Experts are predicting the cost of global cybercrime to grow by 15% per year over the next five years, reaching US$10.5 trillion annually by 2025. Malaysia ranked equal 5th amongst 194 countries surveyed in the International Telecoms Union’s Global Cybersecurity Index 2020 by demonstrating a high commitment to cybersecurity and a robust national plan to tackle cybercrime, which is backed up by Malaysia’s Cyber Security Strategy 2020-2024 guideline. This underscores the solid framework the country has in place to combat risk and defend its assets.
However, with the explosive rate of data growth in recent years, managing and backing up data has become a major challenge due to the complexity and inefficiency of legacy data management technology. This is resulting in both higher cyber risks, through expanding attack surfaces, and costs for many organisations. In the last five years, there have been many high-profile security breaches targeting government platforms including the largest data breach in Malaysian history where 46.2 million mobile subscribers were affected. The healthcare sector in the region has also been a target of cyber criminals, with a study by Frost & Sullivan estimating an average loss of US$23.3 million by healthcare providers in Asia Pacific, demonstrating the challenge that exists for organisations – public or private – in managing, protecting, and backing up their data.
At first, hackers primarily encrypted production data to bring businesses to a standstill. But companies fought back with solutions that allowed data to be restored quickly via backups. Nowadays, new ransomware variants destroy backup data before they encrypt production data (information that is required to complete daily business tasks and operations like managing CRM, ERP, streaming, and other primary systems).
Next the attackers shifted to destroying or encrypting backups. IT countered with immutable backups. Now the criminals are pulling data and threatening to publish it on the dark web. As a result, companies are once again faced with the question of how to adequately secure their data – what they need are intelligent data protection solutions in combination with secured data that cannot be changed.
AI instead of traditional tools
Many conventional or legacy tools only detect attacks using known virus signatures, IP addresses or attack patterns. However, they often cannot detect and defend against new types of attacks from unknown sources.
To defend against current attacks, companies should therefore also deploy next-gen data management solutions with built-in artificial intelligence and machine learning (AI/ML) capabilities. These technologies can be used to trigger alerts that can notify the IT data admin when the backup data changes or ingest rates fall outside the norm based on historical trends — all of which could indicate an attack has taken place. The capabilities can also indicate, for example, when a user accesses large amounts of sensitive data at unusual times. Integration with security orchestration, automation and response (SOAR) platforms can then be used to trigger defensive measures or further authentication via an additional factor.
Companies should complement this with an integrated data security and data governance solution. They can then use AI/ML systems to classify their data to identify sensitive information – including personal data. Only when it is known what sensitive data is stored where can it be determined who has access to it to protect it from attack. Data classification with predefined guidelines, such as for the GDPR, makes compliance easier.
Immutable backups
Despite all precautions, a data theft or ransomware attack can be successful. In this case, companies need the ability to restore data quickly. But the backups must not have been altered beforehand, for example through unwanted encryption or deletion by an attacker. Therefore, it’s critical that customers embrace next-gen solutions that offer immutable backup snapshots. Immutability helps ensure that no unauthorised user or application can modify the ‘gold’ copy of the backup. Any attempts to modify the ‘gold’ copy will automatically create a zero-cost clone.
If this feature is embedded from the start, the original copy of the data is safer from unwanted manipulation. In addition, it is recommended to activate DataLock in the backup policy. The snapshot is then provided with a time-limited lock that even the security officer cannot delete.
For even greater security, look for solutions that provide data on the frequency of file accessed, and the number of files that are modified, added to, or removed by a particular user or application.
There is also the option to store an isolated copy in an externally managed data vault. This makes data even more resistant to ransomware attacks. In addition to immutability, this gives companies another way to protect themselves from attackers who want to encrypt data.
Last but not least, in the event that your organisation is attacked, recovering quickly is the name of the game. Therefore, look for next-gen data management solutions that offer instant mass restore capabilities so that you can minimise downtime while keeping your brand intact and your customers happy.
Conclusion
Relying on traditional backups as insurance is no longer enough. Modern systems offer AI/ML solutions to detect and defend against even novel attacks. Should they still succeed, immutable backups can help enable fast and reliable data recovery.
