
PodChats for FutureCISO: Navigating cyber resilience amidst cloud and AI innovations

by allantan
September 6, 2024

The National Institute of Standards and Technology (NIST) defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

NIST defines a cyber resource as an information resource which creates, stores, processes, manages, transmits, or disposes of information in electronic form and which can be accessed via a network or using networking methods.

According to the Veeam Ransomware Trends 2024, APJ edition, leaders in the region are increasing their budgets for cyber prevention and detection by 6.3%, while spending on recovery technologies will rise by 6.2%. The figures are double the forecasted IT budget increase of 3.5%, according to Gartner.

As organisations in Asia up their cyber readiness postures, it may be critical to revisit some of the issues, challenges, opportunities and options that organisations will need to address as they look to improve their cyber resilience.

Beni Sia, general manager and senior vice president for Asia Pacific and Japan at Veeam Software, believes cyber-resilience begins in the boardroom. “Although the CISO sets the strategy for security, including backup, resilience and recovery, these issues threaten the existence of the company,” he points out.

He posits that the discussion needs to start from the board to the CEO, and then to the CISO. “Even though there are strategies that have been set up, the gaps in the integration of security and backup tools need to be addressed before organisations can address the shared challenges,” he continues.

State of Cyber Resilience in Asia

Sia also posits that the world runs on data. “When it becomes unavailable, businesses, then the world stops. Beyond cyber resilience, companies must factor the five pillars of data resilience: data backup, data security, data recovery, data freedom and data intelligence,” he continues.

The top three vulnerability points

Sia says human error is a top entry point for malware and cyber threats. Organisations are also misaligned for preparedness, causing inadequate response to cyber events. He also suggests that legacy backup systems expose vulnerabilities, and are costly, complex and unreliable. Technologies designed for the client-server era cannot deliver the 24/7/365 availability that today’s businesses demand or provide the ability to restore anywhere.


Finally, he believes that backups are primary targets for cybercriminals. 76% of cyberattacks on backup repositories were successful (Veeam Ransomware Trends Report 2024). Organisations risk paying ransoms or losing critical data if they lose their backups. Strengthening backup security, implementing encryption, and regularly validating backup integrity are essential.

Lowering the cost/risks of cyber threats

It can be argued that most ransomware revelations in the media focus on the amount being extorted by the attacker. The reality is that the depth of every attack can be more severe than what is revealed. An IDC ransomware study reveals that 46% of respondents acknowledged attackers tried to delete their backups, with half being successful in the process.

Sia concedes that the ransom amount is only part of the cost to the organisation. Less visible to the public are the costs of downtime, legal costs, reputation management, and absolute recovery, notes Sia.

“Enterprises must have a well-developed incident response and have a clear, actionable plan for responding to breaches. Following a cyber-incident, organisations must focus on immediate containment to prevent further damage. Businesses must have regular, verified backup copies that can be quickly restored.” Beni Sia

“Data backup and disaster recovery are shared responsibilities. Some organisations may think they’re covered because of inbuilt data security and protection on the cloud,” warns Sia.

How to leverage emerging technologies without adding risks

While we cheer the potential every new technology promises, we also need to be cognizant that any of these can be retooled to serve the needs of criminal elements. It is therefore important to proactively mitigate operational risk and ensure it aligns with data governance and protection principles.

“As AI tools become integral to the modern tech stack, the data landscape needs to keep up with visibility, governance, and protection. Data resilience is an all-encompassing mission that covers identity management, device and network security, and data protection principles like backup and recovery.” Beni Sia

Advice for CISOs

Sia believes that cyber resilience is a shared responsibility achieved by structural, organisational, and cultural alignment. He makes clear that cyberattacks are human issues, not just IT issues, and have far-ranging organisation-wide impacts. And in many cases, strategies are also implemented by those who don’t report to the CISO.


Sia warns that the gaps in integration between security, network and backup teams need to be addressed before organisations can integrate their tool set into one solution to address these shared challenges.

“Start by educating each party. When information sharing is improved, processes will be better integrated across the organisation, and this also makes better cross-functional teams, improving alignment between IT and security teams,” said Sia.

Click on the PodChats player to hear more about Sia’s thoughts on navigating cyber resilience amidst cloud and AI innovations.

  1. Whose job is cyber resilience? We often hear of breaches. In practice, who is held accountable for failure to achieve cyber resilience?
  2. Give us a state of cyber resilience of enterprises in Asia as of August 2024.
  3. Given the state of awareness around cyber threats (and presumably, measures taken to mitigate these risks), where are the top three vulnerability points for most enterprises in Asia?
  4. How are enterprises addressing these vulnerabilities? Is this sufficient?
  5. What can enterprises do better to further lower the cost/risks of attacks like ransomware? Conversely, what are they doing not too well thereby being less effective than on paper?
  6. How can we leverage emerging technologies without introducing new vulnerabilities?
  7. How can the CISO ensure that they are not introducing new vulnerabilities by engaging with others?
  8. Finally coming into 2025, what is your advice for CISOs, other members of the C-suite and board, to ensure the effectiveness of their strategies, frameworks and practices not just against ransomware, but against all threats both internal and external?