How do you protect your most important enterprise data and information?
Enterprise data protection has never been so important than now. With the ever-growing size of big data volume and 24-hours-by-7-days a week business environment, protecting our data is increasingly more challenging and complex. Here’s our 3 data protection recommendations (among many others, actually) that your business should be thinking about:
1. Data Loss prevention for critical systems.
2. Hybrid Environment, varied-formatted data.
3. Sporadic Ransomware.
Data Loss prevention for critical systems
Yes, losing critical data permanently is extremely painful for organizations big and small. This should be among the top digital data concern, especially to SMEs (small and medium enterprises) which reportedly, have little to no data protection mechanism in place.
Regular Business Impact Analysis (BIA) should be conducted with the involvement of key stakeholders in the organization of concern. Questions like the eventual rippling costs of unplanned downtime and recovery should be measured in all tangible and intangible aspects.
The Data Protection Plan (DPP) or Disaster Recovery Plan (DRP) for the matter should be crafted with alignments to RPO and RTO in mind: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). These objectives eventually should set the pace of Key Performance Indexes (KPIs) in these plans.
Hybrid Environment, varied-formatted data
The tech teams today are becoming extremely agile having to act on fast changing IT market spaces, yet many are trying to catch up with the tasks of protecting high volumes of mixed on premises and off-premises cloud based data of varied formats. The challenges of dealing with hybrid environment and a wide variety of data can easily leave a lot of gaps in the cyber security areas. Maintaining a strong IT team with good experience and integrated data management software solutions is fast becoming a critical success factor of companies, especially those who are data-driven.
It comes in two: sporadic and ransomware – without a pattern and launching a ransomware attack when you least expect it to happen!
RansomWare, simply put, is a malware that gets installed on your machine secretly (e.g. when you visit a malicious website without the right protection). It then encrypts your drive for instance, making your system inaccessible from you unless you buy a key to unlock the encryption.
“Only useful data can be considered as information” ~ Mentor Lam 🙂
Here’s how Wikipedia explains it: “Ransomware is computer malware that installs covertly on a victim’s device (e.g., computer, smartphone, wearable device) and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim’s data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim’s data, until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file. While initially popular in Russia, the use of ransomware scams has grown internationally in June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012. Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities, and CryptoWall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.” Source: https://en.wikipedia.org/wiki/Ransomware
The rate of ransomware attacks are accelerating and the costs associated dealing with ransomware are increasing as well. In 2016, ransomware cost US organizations $24 million according to http://finance.yahoo.com/news/victims-paid-more-24-million-222700088.html
With the right level of security setup to defend in depth, covering all layers of the OSI layers, the organization can effectively and efficiently detect, avoid attack or minimize the damages caused by an attack, good data protection solutions and security polices can enhance the security perimeter.
What do you think we should add to the above recommendations?
This article first appeared as my contribution on Steadware.com – a brand by Massive Wisdom Group Pte Ltd. If you are referencing this article, please provide a link back to this article’s url: http://steadware.com/how-do-you-protect-your-most-important-enterprise-data-and-information/