By Drew Daniels, CIO and CISO, Druva
This past year, cyber resiliency proved to be a vital asset to ensure business continuity, and it’s one that will continue to take precedence in 2021. Over the last 12 months, we have witnessed cloud migrations continue to happen, now on an accelerated timeline on a global scale as organizations adapt to a digital workplace. Unfortunately, the numbers seem to indicate that only a handful of businesses were fully prepared to operate in the digital realm in a secure way before our world changed dramatically last year. The rate of ransomware attacks across industry sectors has increased exponentially and has become an all-too-common occurrence for businesses around the world that weren’t prepared to protect their digital assets. These trends are going to continue for the foreseeable future.
Cyberattacks adopted increasingly malicious tactics in 2020, targeting some of our most vulnerable and essential industries during a time of crisis. As the stakes of ransomware continue to rise, last year 73 percent of IT leaders expressed increased concerns around protecting their organizational data from these cyber attacks. Many are already anticipating 2021 to be even worse, with Babuk Locker becoming the first new form of ransomware targeted against the enterprise just days into the new year. With this said, the time is now for organizations to proactively address their data management and protection strategies in order to help significantly reduce their data risk.
With the growing risk of ransomware threatening the enterprise, being prepared is not optional in 2021. To best protect organizations and individuals across the globe, it is critical for cybersecurity leaders to be cognizant of the latest threat, the industries that are most vulnerable to ransomware attacks, and how to proactively defend organizational data. Most importantly, security and IT leaders need a clear plan to ensure a speedy and effective recovery of business networks when it inevitably is targeted.
In 2021, it’s expected cyberattackers will up the ante in the healthcare sector and laser their focus on extorting more stolen and sensitive patient data to gain the largest amount of profit. As the recent Ryuk attacks demonstrated, these hackers are intent on asserting their dominance in this industry. As these enterprises lead the charge to tackle one of the most unprecedented situations in the last century, data protection will be even more critical to minimize the impact of these malicious actors.
Today’s dynamic threat surface means organizations in the healthcare sector – and every other industry – must commit to getting ahead of cybercriminals as much as possible. They are relentless in their pursuit, but a robust data protection strategy can help blunt those efforts considerably. A strong data protection architecture is fundamental in ensuring that confidential and sensitive data, like personally identifiable information, is accounted for (know where your critical data is located) and protected against ransomware intrusion with features like end-to-end encryption and air-gapping. The focus in 2021 should be on backing up critical data and tightening data retention compliance so businesses have the opportunity to restore it at a future point in time, if and when required.
Ultimately, this last year shed light on many vulnerabilities behind digital networks and infrastructures, and the importance of cyber resiliency for businesses to remain operable and secure. Unfortunately, as the value of data continues to rise, so does the profit in exploiting, exfiltrating and distributing this data. We should expect an evolving threat landscape in the new year, and while predicting the future is always uncertain, it’s undoubtedly true that mitigating the risk and exposure to these types of attacks will become the new normal in the year to come.
About the Author
Drew Daniels is the CIO and CISO of Druva. Drew brings a passion for helping companies scale global operations, success implementing robust security protocols and more than 20 years of experience to Druva. At Druva, Drew focuses his time on efficient operations processes, identifying security risks, and leading the technical operations functions. Prior to joining Druva, he was the global CSO and CIO at Qubole, where he led the company in achieving SOC2 Type II, ISO-27001, and HIPAA compliance, while also helping the company grow revenue by more than 5X, significantly reduced costs across all operational areas and achieved a number of significant milestones with customers and partners.
Drew has co-authored two books on the topics of networking, security, and the domain name service, and also works within the international community as a non-profit board member and advisor for organizations whose mission is to develop the next generation of technology professionals.
First Name can be reached online at https://www.linkedin.com/in/andrewdaniels and at our company website https://www.druva.com/about/leadership/andrew-daniels/