The State of Cyber Resilience

Attacks against organizations’ data in storage are frequent and costly. Data storage refers to the methods and technologies used to retain digital information. On average, one attack against data in storage occurs each month, and the most significant attacks reported in the research cost an average of $5 million. As a result, 63 percent of respondents say securing data in storage is very or extremely important compared to other security initiatives.

Sponsored by Pure Storage, Ponemon Institute surveyed 610 IT and IT security practitioners in the United States who are knowledgeable about their organizations’ approach to their data storage security posture.

Automation is considered key to achieving cyber resilience in data storage. Cyber resilience is the capacity of an enterprise to maintain its core purpose and integrity in the face of cyberattacks. In the context of this research, a cyber resilient enterprise is one that can prevent, detect, contain and recover from a plethora of serious threats against data, applications and IT infrastructure. The key to achieving a high level of cyber resilience in data storage security is automation, according to 66 percent of respondents.

Respondents were asked to rate their cyber resilience on a scale from 1 = low resilience to 10 = high resilience. Only 47 percent of respondents rate their cyber resilience as high or very high (7+ on the 10-point scale). Fifty-five percent of respondents say cyber resilient data storage has value or high value (7+ on the 10-point scale).

Securing sensitive data in storage is a priority because 36 percent of this data is considered mission critical and, on average, it can take 12 days following a data security incident to recover mission critical applications. Mission critical applications and data are essential for organizations’ operations and survival. If not recovered, operations could be significantly impacted or brought to a complete halt.

The following findings illustrate the challenges to securing data in storage.

The exploitation of vulnerabilities and ransomware are the two primary reasons a cyber incident occurs. Organizations represented in this research had an average of 7 cyber incidents that resulted in data loss in the past two years. Although root causes are challenging to identify, 63 percent of respondents say the root cause was an exploitation of vulnerabilities and 61 percent say it was ransomware.

Insiders are putting data in storage at risk. According to the research, an average of more than 5,433 employees and third parties have access to sensitive data in storage. In the past two years, an average of 7 non-cyber incidents resulted in the loss of data. To minimize the threats from non-cyberattacks, organizations should take steps to prevent employee error or negligence (74 percent of respondents) and system hardware or software failures (69 percent of respondents).

The biggest cost following a cyberattack against data in storage is the recovery of the up-to-date backups of critical data. Respondents were asked to calculate the most significant cost due to a cyberattack against data in storage. The four categories of the total cost of $5 million, and the percentage respondents allocated to each, are: recovering up-to-date backups of critical data (31 percent), repairing or replacing affected systems and applications (26 percent), detecting and containing the incident (23 percent) and testing to ensure restored systems are functioning correctly and any vulnerabilities have been addressed (20 percent).

Protection of data requires an accurate classification of the types of data stored. Only 45 percent of respondents say they know how much data is structured or unstructured. Fifty-three percent say stored data is structured data and 47 percent say it is unstructured. On average, 36 percent is considered “dark” or unclassified.

Organizations are challenged to consistently manage data across all environments. Only 41 percent say they have a good or a high level of ability to manage data across all environments. Fifty-three percent of respondents say they have a good or a high level of ability to minimize downtime and data loss in the event of an attack and 49 percent of respondents say they are very or highly effective in minimizing downtime and data loss in the event of an attack.

The most important indicators of cyber resilience in data storage security are recovery SLAs, RTOs and RPOs. Fifty-two percent of respondents measure cyber resilience in data security. Of the respondents that measure cyber resilience, 59 percent say they measure consistency in achieving recovery SLAs.

Achieving recovery SLAs is critical to ensuring business operations can resume with minimal disruption after an incident, minimizing financial and operational damage, setting clear measurable goals for service providers and customers and selecting the most cost-effective solutions. Fifty-six percent say they validate Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTOs and RPOs ensure that recovery efforts align with business needs by setting clear goals for how quickly systems should be back online and how much data loss is tolerable.

Organizations prepare for the likelihood of a ransomware attack. Organizations have disaster/cyber recovery plans in place to deal with cyberattacks. Seventy percent of respondents say they have a plan for ransomware attacks, 65 percent of respondents say they have a plan for distributed denial of service (DDoS) attacks and 61 percent of respondents have plans for malware, including spyware, viruses, trojans and worms.

Controlling employees’ and third parties’ access to sensitive data in storage is important to preventing non-cyberattacks. The primary root cause of a non-cyberattack was employee error or negligence. Multi-factor authentication access controls (71 percent of respondents) and role-based access controls (RBAC) (63 percent of respondents) are used to protect stored data.

The most important control used in data storage is integration with SecOps tools such as SIEM, Extended Detection & Response (XDR) and SOAR. XDR is a cybersecurity platform that unifies and automates security data collection, analysis, and response across multiple layers of an organization’s environment, such as endpoints, networks, cloud workloads and email. SOAR seeks to alleviate the strain on IT teams by incorporating automated responses to a variety of events.

The benefits of AI in securing data in storage. Forty-five percent of respondents say the deployment of AI-based security technologies will improve their organization’s data storage security and 53 percent of respondents say AI simplifies data storage security by performing tasks that are typically done by humans but in less time and at lower cost.

Despite the benefits, the two most significant risks caused by AI to data storage security are incorrect predictions due to data poisoning (50 percent of respondents) and poor or misconfigured systems due to over-reliance on AI for cyber risk management.

Click here to read key findings and the full report at PureStorage.com
