siliconindia | DECEMBER 2024

Immutable backups: These cannot be modified or changed, unlike traditional backup offerings that can be deleted or modified. Backups with immutability built in are also highly useful for forensic investigation, regulatory compliance, and ensuring the integrity of the data before recovery.

Data Access Controls: These allow organisations to maintain or establish a state of zero trust by modulating and limiting over-access to critical or sensitive data. Capabilities like role-based access controls (RBAC), multi-factor authentication (MFA), and Quorum (requiring a minimum of 'two pairs of eyes' to validate any data altering action) all allow organisations to restrict unauthorised or malicious changes to data.

Data Encryption: Organisations should only use data management, security, and recovery technologies or technology platforms that encrypt their data in transit and at rest, and to an AES-256 standard.

AI & ML powered threat and anomaly detection: Best-in-class data security, management, and recovery technology is now being enhanced with AI. In fact, some technology innovators now offer critical capabilities like anomaly detection that monitors any change to data, such as size or format, that usually indicate malicious activity, as well as AI-powered threat intelligence where data environments are analysed against the latest set of known threats and vulnerabilities.

Instant Mass Restore: Organisations should be looking to adopt and implement data recovery technologies that allow them to instantly mass restore thousands of virtual machines in a matter of hours and not days or weeks, as this is vital to organisations being able to refuse to pay ransoms.

How does AI play an important role in data management, especially for backup and recovery for cybersecurity incidents?

Threat actors are leveraging artificial intelligence (AI) to make their attacks more sophisticated and automate them to be continuous until a vulnerability is found.
On the flipside, public and private organisations can also leverage AI to bolster their cybersecurity defences:

AI and machine learning (ML)-powered anomaly detection can help monitor data and detect when malicious activity is taking place or has taken place by recognising patterns, triggering an alert to respond quickly to limit the damage.

AI-enabled MFA can be used to monitor anomalous behaviour (such as different typing speed), require additional authentications depending on data risk, or block if a user's access strays beyond normal boundaries.

AI-based activity monitoring can establish norms for both user and application behaviour based on continuously analysing activity logs with AI, and alert for any suspicious activity.

AI-enabled optimised scheduling of backups ensures recovery point objectives (RPOs) are always met. As part of the backup process, AI can also help determine data that has become dormant for archival. This helps reduce recovery time by eliminating the recovery of unused data as well as creating efficiency and cost reduction in storage.

What are reasonable recovery times for any business experiencing a cybersecurity incident?

Data recovery times are highly specific to each and every organisation; however, the more important questions that organisations need to ask themselves are:

How much data do I have, and what types of data do I have? Where and how is my data stored? Is it secure, and can I recover it if attacked? Is it backed up in an immutable solution and encrypted in transit and at rest?
Can I recover it to the point before it was infected (RPO) and recover it quickly to restore my usual business processes quickly (RTO), and to pre-identified targets?

By being able to answer all of these questions, even if some areas need to be worked on, organisations will be able to establish or maintain effective response times, and with the right modern data security and management technology should be able to recover in hours, not days or weeks as is the case for most companies.

Why do organisations consider paying the ransom if it increases the risk of more ransomware attacks in the future?

Primarily this occurs because of their cyber resilience gaps or not even prioritising cyber resilience in the first place, which means that when they suffer a cyberattack business processes are disrupted or stopped to the point that when ransomware is involved a ransom is paid to recover the data and restore business processes or do so faster. In fact, in our State of Cohesity Data Security and Management Report 2023, 95% of respondents said it would take over 24 hours to recover data and 41% said it would take over a week. No organisation can afford to be offline or have the majority of their business operations disrupted for more than a few hours, hence why some organisations opt to pay ransoms. However, it is vital that organisations choose not to pay ransoms because rarely will their data be fully recovered or recovered quickly, in many instances it is corrupted or vulnerable once returned, and it further encourages threat actors to continue attacks and even come back to the organisation again, and in some jurisdictions paying ransoms is against existing regulations or legislations.