Monthly Archives: December 2025

The State of Cyber Resilience

Attacks against organizations’ data in storage are frequent and costly. Data storage refers to the methods and technologies used to retain digital information. On average, one attack against data in storage occurs each month, and the most significant attacks reported in the research averaged $5 million. As a result, 63 percent of respondents say securing data in storage is very or extremely important compared to other security initiatives.

Sponsored by Pure Storage, Ponemon Institute surveyed 610 IT and IT security practitioners in the United States who are knowledgeable about their organizations’ data storage security posture.

Automation is considered key to achieving cyber resilience in data storage. Cyber resilience is the capacity of an enterprise to maintain its core purpose and integrity in the face of cyberattacks. In the context of this research, a cyber resilient enterprise is one that can prevent, detect, contain and recover from a plethora of serious threats against data, applications and IT infrastructure. The key to achieving a high level of cyber resilience in data security storage is automation, according to 66 percent of respondents.

Respondents were asked to rate their cyber resilience on a scale from 1 = low resilience to 10 = high resilience. Only 47 percent of respondents rate their cyber resilience as high to very high (7+ on the 10-point scale). Fifty-five percent of respondents say cyber resilient data storage has value or high value (7+ on the 10-point scale).

 Securing sensitive data in storage is a priority because 36 percent of this data is considered mission critical and on average it can take 12 days following a data security incident to recover mission critical applications. Mission critical applications and data are essential for organizations’ operations and survival. If not recovered, operations could be significantly impacted or brought to a complete halt.

The following findings illustrate the challenges to securing data in storage:

 The exploitation of vulnerabilities and ransomware are the two primary reasons a cyber incident occurs. Organizations represented in this research had an average of 7 cyber incidents that resulted in data loss in the past two years. Although challenging to identify root causes, 63 percent of respondents say the root cause was an exploitation of vulnerabilities and 61 percent say it was ransomware.

 Insiders are putting data in storage at risk. According to the research, an average of more than 5,433 employees and third parties have access to sensitive data in storage.  In the past two years, an average of 7 non-cyber incidents resulted in the loss of data. To minimize the threats from non-cyberattacks, organizations should take steps to prevent employee error or negligence (74 percent of respondents) and system hardware or software failures (69 percent of respondents).

 The biggest cost following a cyberattack against data in storage is the recovery of the up-to-date backups of critical data. Respondents were asked to calculate the most significant cost due to a cyberattack against data in storage. The four categories of the total cost of $5 million and the percentage respondents allocated to each cost are recovering up-to-date backups of critical data (31 percent), repairing or replacing affected systems and applications (26 percent), detecting and containing the incident (23 percent) and testing to ensure restored systems are functioning correctly and any vulnerabilities have been addressed (20 percent).

 Protection of data requires an accurate classification of the types of data stored. Only 45 percent of respondents say they know how much data is structured or unstructured. Fifty-three percent say stored data is structured data and 47 percent say it is unstructured. On average, 36 percent is considered “dark” or unclassified.

 Organizations are challenged to consistently manage data across all environments. Only 41 percent say they have a good or a high level of ability to manage data across all environments. Fifty-three percent of respondents say they have a good or a high level of ability to minimize downtime and data loss in the event of an attack and 49 percent of respondents say they are very or highly effective in minimizing downtime and data loss in the event of an attack.

 The most important indicators of cyber resilience in data storage security are Recovery SLAs, RTO and RPOs. Fifty-two percent of respondents measure cyber resilience in data security. Of the respondents that measure cyber resiliency, 59 percent say they measure consistency in achieving recovery SLAs.

Achieving recovery SLAs is critical to ensuring business operations can resume with minimal disruption after an incident, minimizing financial and operational damage, setting clear, measurable goals for service providers and customers and selecting the most cost-effective solutions. Fifty-six percent say they validate Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTOs and RPOs ensure that recovery efforts align with business needs by setting clear goals for how quickly systems should be back online and how much data loss is tolerable.

Organizations prepare for the likelihood of a ransomware attack. Organizations have disaster/cyber recovery plans in place to deal with cyberattacks. Seventy percent of respondents say they have a plan for ransomware attacks, 65 percent of respondents say they have a plan for distributed denial of service (DDoS) attacks and 61 percent of respondents have plans for malware, including spyware, viruses, trojans and worms.

Controlling employees’ and third parties’ access to sensitive data in storage is important to preventing non-cyberattacks. The primary root cause of a non-cyberattack was employee error or negligence.  Multi-factor authentication access controls (71 percent of respondents) and role-based access controls (RBAC) (63 percent of respondents) are used to protect stored data.

The most important control used in data storage is integration with SecOps tools such as SIEM, Extended Detection & Response (XDR) and SOAR. XDR is a cybersecurity platform that unifies and automates security data collection, analysis, and response across multiple layers of an organization’s environment, such as endpoints, networks, cloud workloads and email. SOAR seeks to alleviate the strain on IT teams by incorporating automated responses to a variety of events.

The benefits of AI in securing data in storage.  Forty-five percent of respondents say the deployment of AI-based security technologies will improve their organization’s data security storage and 53 percent of respondents say AI simplifies data security storage by performing tasks that are typically done by humans but in less time and cost.

Despite the benefits, the two most significant risks caused by AI to data storage security are incorrect predictions due to data poisoning (50 percent of respondents) and poor or misconfigured systems due to over-reliance on AI for cyber risk management.

Click here to read key findings and the full report at PureStorage.com

Why banana bread is the solution to the world’s fraud problem

Bob Sullivan

By any measure you can find, fraud is soaring in the U.S. and around the world.  I spent an hour on WHYY radio recently discussing the causes for this, but I can boil it down to one concept: big, uncaring companies have dehumanized customers and employees alike, creating a perfect playground for criminal mischief.

I write a lot of stories that reveal how much systems let people down and set them up to be victims of crimes. You’ll often hear me lament that big tech companies or financial institutions don’t do more to stop crimes.

Today, I have a different story to tell at The Perfect Scam podcast. It’s about a crime that *almost* happened, but didn’t — thanks in large part to well-trained bank employees who followed a well-designed system…with care.  But there’s another important element to this near-miss crime that plays a huge role: It happened in a small community, at a small bank, where employees had a personal connection to the victim.  Like this:

“The young man who is an assistant manager up there went to high school with at least one of my grandsons.”

And this:

“The lady at the bank, the one who was the person who called me initially, my son had a coffee truck in Rogersville for about a year and a half, and this bank manager loved his coffee. So she had come through his line so many times, and so knew me because of that.”

It’s human nature: When you know someone, or you know someone you know will know someone, you are far more likely to step in and ask questions when something seems amiss. After all, who could go to bed at night knowing they helped criminals steal $25,000 from an 83-year-old woman who is a pillar of the community?

I realize I’m telling this story upside down, giving you the punchline without the setup. That’s because the punchline *is* the story here. It’s the only part of this story which is a surprise. The rest follows an all-too-familiar refrain. Listen for yourself by clicking here. But here’s the setup.

Samuel, the would-be victim, has lived in this small town outside Springfield, Mo., for most of her 83 years.  She got a menacing call from someone claiming he was from a federal agency investigating a crime, and he needed her help.  Many calls later, Samuel was manipulated into a bank visit where she would ask for $25,000 to be wired to a nonexistent company.  But the teller and manager 1 asked so many questions that Samuel left without the money and headed for another branch.  By the time she got there, the bank had already put an alert on her account, and tellers put up multiple speed bumps. Ditto for branch No. 3.  Critically, bank employees did this with kindness, not dismissiveness or ageism, because the criminal had warned Samuel that a bank employee was “in on it.”  As I’ve written elsewhere, rudeness only pushes victims into the arms of criminals, who are very good at sounding compassionate.

The bank also thoughtfully notified Samuel’s children, who are also named on her account. The kids got mom off the phone with the criminal, got her home, and eventually persuaded her that she was talking to a criminal.  The whole episode was over in a couple of days, and the family didn’t lose a dime.

As a show of thanks, Samuel made banana bread and took some to each bank employee who played a role in foiling the crime.

I love a happy ending. And I love banana bread. I’m only half kidding when I suggest in this episode that baked goods are the answer to America’s fraud problems.  What I’m suggesting, of course, is that the human touch is missing from most cybersecurity initiatives.  We spend billions on software…we’re calling it AI now…. but we overlook the front-line workers who are often the difference between disaster and a close call.

I realize Linda Samuel’s story has a unique set of circumstances.  Many of us don’t live in a town where we can walk or quickly drive to a small, community bank.  Years of industry consolidation have ensured that.  In many cases, we only have a choice of one or two gigantic banks.  This is a mistake, and if you’re curious about the problem of hyper-consolidation and monopoly power, I’d invite you to visit the American Economic Liberties Project and the work of Matt Stoller, author of the “BIG” Substack newsletter.

For now, suffice to say it’s unlikely Linda Samuel’s story would have had the same ending if her money had been parked at Bank of Gigantica.

I do know many, many cybersecurity workers at these large institutions who care a lot about fraud, and often write code that stops crimes. When I have a chance to speak to tech worker audiences, I often remind them that no firefighter wins an award for a house fire that is stopped because a fire inspection forced a safety upgrade — the work these individuals do can be just as invisible and thankless, so I thank them for it.

But I’ll repeat myself — poor customer service is our greatest cybersecurity vulnerability.  This story makes that point by showing the alternative: good customer service can be our best crime-fighting tool.

We’re never going to get a handle on fraud unless banana bread, once again, is part of the equation.  Know Your Customer shouldn’t be a check box on a compliance form.  It should be standard operating procedure.   And it’s worth the investment.