Over the past year, the world has seen cyber attacks increase at a concerning rate, so much so that the cost of cybercrime is estimated to reach $8 trillion in 2023. It is unsurprising that we are seeing a huge rise in new cyber technologies, techniques, and legislation as businesses and governments alike seek to fortify their institutions. Here are some of our top tips to keep ahead of the game and ensure that your business resilience is tip top:
Discover your data
According to a recent survey, 57% of CISOs don’t know where some or all of their data is or how it is protected! This is hugely concerning, especially as the amount of data generated each day continues to grow and more and more regulations are being enforced – how can you protect your data and remain compliant with legislation if you don’t even know where it is?
Data discovery helps prevent loss or exposure of sensitive data, and enables organisations to implement appropriate security measures. As a result, we can expect – and hope – to see CISOs and their teams focus on discovering their data so that it can be protected in the right way. Only once you have full visibility of your data can you be confident that you can keep downtime to a minimum should the worst happen.
Back it up and test, test, test
Backups should be taking place very regularly within organisations. At a minimum, this should be once a week but for the best protection, data should be backed up every 24 hours. In our modern world where data is generated at incredible speeds and technology is always changing, a business’s data can look very different from one week to the next. A backup that is over a week old may not bear much resemblance to the state of a business at the time of attack.
Whilst most backups nowadays are automatic and take place without you even noticing, it is crucial not to forget about them altogether. Backups should therefore be tested regularly. The recommendation is at least annually, but others will advocate for monthly tests. Unless you run such trials, you don’t know whether your essential data is being fully and accurately preserved. Regular testing ensures that you can be confident that your backup is sufficient and that downtime can be kept to a minimum.
In addition, it trains your employees to know exactly what to do should an attack occur. A fire drill for your data, backup tests ensure that no major damage will be done should a cyber attack strike.
Ride the wave of new regulatory requirements
Just as both individuals and businesses get to grips with the latest data regulations and requirements – it doesn’t feel like that long ago we were all scrambling to comply with GDPR! – another wave of new legislation heads our way as regulatory bodies strive to stay ahead of the curve and mandate strong protection of data and other assets.
Although it will be a couple of years before mandatory compliance, the Digital Operational Resilience Act (DORA) was adopted by the European Union (EU) at the end of 2022, aiming to coordinate the financial sector’s approach to cybersecurity. With the ever-increasing threat of cyber attacks taking some of the most high-profile organisations, and even whole cities, offline, DORA favours on-premises backup rather than connection-reliant cloud backup options.
Ahead of the deadline of January 2025, we will increasingly see businesses start to prepare for compliance throughout 2023. This will involve reviewing legacy IT systems to ensure that they meet regulations as well as potential investment in new software. Despite it being EU legislation only, any business which has connections to the EU market will have to comply with DORA’s regulations, so the majority of UK businesses will be taking the necessary action. Indeed, it is also highly likely that the UK will follow in the EU’s footsteps and announce similar regulations in the upcoming months, so keep an eye out for any further legislative updates whilst you’re preparing to comply.
Open your eyes to new opportunities
The technology world is always changing and new opportunities are being created. Especially when cyber attacks are happening more frequently than ever before and cybercriminals are growing in sophistication, there is no shortage of new, innovative data protection techniques coming to the market.
One of these is the emerging technology of cyber deception. Designed to put the business in the driving seat and take control back from the attackers, the methodology involves deploying decoys to lure the attacker to fake assets and away from the real ones. Not only does this reduce the threat event frequency, as the attacker is much more likely to touch one of the hundreds of fake assets rather than the real one, it also provides an early warning system, by alerting the business as soon as a fake asset is touched. This allows security teams to get to work in isolating the asset and restricting the attacker from reaching the real systems far quicker than any reactive security solution.
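The early-warning behaviour described above, sketched as an added example that is not from the original article or any deception product: any access to a decoy raises an alert for that source, together with the real assets the same source reached so they can be isolated and reviewed. The asset names, host names and log format are all constructed for illustration.

```python
from datetime import datetime

# Constructed inventory: decoy names are hypothetical and exist only to be touched.
DECOYS = {"fs-archive-02", "hr-payroll-bak", "sql-legacy-07"}

# Constructed access-log lines: "<ISO timestamp> <source host> <asset accessed>"
SAMPLE_LOG = """\
2023-03-01T09:14:02 ws-114 fs-prod-01
2023-03-01T09:20:41 ws-207 sql-prod-03
2023-03-01T09:31:10 ws-207 hr-payroll-bak
2023-03-01T09:31:55 ws-207 fs-prod-01
2023-03-01T09:40:12 ws-114 fs-prod-01
2023-03-01T09:42:30 ws-207 sql-legacy-07
"""


def parse(log: str):
    """Yield (timestamp, source, asset) tuples from the constructed log format."""
    for line in log.splitlines():
        ts, source, asset = line.split()
        yield datetime.fromisoformat(ts), source, asset


def decoy_alerts(log: str, decoys: set[str]) -> list[dict]:
    """One alert per source at its first decoy touch, plus real assets to review."""
    events = sorted(parse(log))
    alerts = {}
    for ts, source, asset in events:
        # No legitimate user has a reason to touch a decoy, so one hit is enough.
        if asset in decoys and source not in alerts:
            alerts[source] = {"source": source, "first_touch": ts, "decoy": asset}
    for alert in alerts.values():
        # Everything else this source reached is in scope for isolation and
        # review, including accesses made before the decoy fired.
        alert["real_assets_to_review"] = sorted(
            {a for _, s, a in events if s == alert["source"] and a not in decoys}
        )
    return list(alerts.values())


if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG, DECOYS):
        print(alert)
```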
2023 and beyond
Although the current climate may look dire and reports of more cyber attacks are in the news daily, all is not lost. Taking a proactive approach to your cybersecurity whilst keeping on top of your data and cybersecurity measures will stand you in good stead to face whatever is thrown at your organisation. And, finally, don’t be afraid to branch out! You may wish to proceed with caution when introduced to the newest cybersecurity methods, but they could be just what you need to stay one step ahead of cybercriminals…