Winning the data protection game: How to stay ahead in a complex threat landscape
Chris Greenwood, UKIMEA Data Services & Storage Vice President
It has been said before, but I’ll say it again, it’s not a matter of if, it’s a matter of when – cyber attacks and unexpected outages are happening all around us every day, and no organisation is immune. Just look at the NotPetya ransomware attack in 2017 that left global shipping company Maersk offline and unable to operate. They weren’t even the intended target, but happened to be interacting with the primary focus of the attack. Suffering over $300 million in losses and huge reputational damage, they’ve been very open about the attack in the hopes of helping other organisations.
50% of UK businesses reported a cyber attack in 2024, and with threats growing more sophisticated, the need for robust data protection and recovery strategies has never been more critical. Organisations must prioritise proactive measures to safeguard their operations and minimise the impact of inevitable breaches.
Preparing for increasing threats
Threats are growing more complex, and the Head of GCHQ’s National Cyber Security Centre (NCSC) has indicated that cyber risk is ‘widely underestimated’ in the UK, issuing a warning that cyber security needs to be seen as an essential foundation and necessary business investment.
“Hostile activity in UK cyberspace has increased in frequency, sophistication and intensity. We see this in the intelligence we can access through being part of GCHQ.”
“Actors are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction.” – Richard Horne, Head of GCHQ’s NCSC*
There are many ways to protect your data and infrastructure, depending on your desired security stance and aims as an organisation. Protecting at the boundary can stop threats from entering; monitoring and controlling communications and preventing unauthorised access to data with firewalls and gateways. However, if threat actors want to gain access to your data, they’re going to find a way, and much like a game of chess, the key is to be one move ahead to avoid the fatal checkmate.
Recovering from cyber attacks
If we assume that at some point, we’ll lose our game of chess, the crucial move is to understand the process and journey back to normality. Following a precise and clear pre-planned ‘playbook’ will give you immediate reassurance under the pressure of an attack. The objectives are then to recover and restore data as quickly as possible.
Your recovery point objective (RPO) and recovery time objective (RTO) are important metrics when considering a disaster recovery plan. The RPO refers to the most recent point in time that data is available to recover from – ideally, we want this to be as recent as possible. The RTO refers to the amount of downtime before operations are back up and running – ideally, we want this to be as low as possible. Adopting a cyber security solution that fits these objectives is the best way of ensuring your organisation gets back up and running as quickly as possible.
A comprehensive disaster recovery and business continuity solution will offer the best protection, allowing you to recover quickly, as well as test your systems regularly. Providing incredible resilience, Zerto offers continuous data protection, fully automated and orchestrated recovery, frequent testing, patch management and enhanced encryption detection. This comprehensive solution protects some of the most critical applications in the world, with only seconds of RPO, enabling a rapid restoration of data.
A cyber recovery vault is key in this game - an offline, locked down vault that offers air-gapped recovery. This room of data is disconnected from your environment and allows you to recover from the point of impact within a short space of time. Our Zerto Cyber Resilience Vault combines an immutable data vault with an isolated recovery environment. This ensures that, once created, data cannot be modified or deleted and provides a clean environment to recover data from.
Where to start
If you’re not quite sure how to make the first move in creating a disaster recovery or cyber security plan, it’s a good idea to call in some expert advice to look at your current environment, security stance and where you’d like to get to. Here at HPE, we work with organisations to help them put together suitable solutions that are a good fit for them and will support them well into the future.
Speaking at the NCSC’s Annual Review launch, Richard Horne urged that, “There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals… And what is clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”
It’s time to harness technology to drive a security solution that meets the increasingly sophisticated threats that continue to loom.
If you’re looking to increase or enhance your cyber security, or are just interested in reviewing your options, contact your HPE account manager or visit https://www.hpe.com/uk/en/zerto.html
Ukimea Insights
Hewlett Packard Enterprise
twitter.com/HPE_UKI
linkedin.com/company/hewlett-packard-enterprise
hpe.com/uk
