The National Institute of Standards and Technology (NIST) defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.
NIST defines a cyber resource as an information resource which creates, stores, processes, manages, transmits, or disposes of information in electronic form and which can be accessed via a network or using networking methods.
According to the Veeam Ransomware Trends 2024, APJ edition, leaders in the region are increasing their budgets for cyber prevention and detection by 6.3%, while spending on recovery technologies will rise by 6.2%. The figures are double the forecasted IT budget increase of 3.5%, according to Gartner.
As organisations in Asia strengthen their cyber readiness postures, it may be critical to revisit some of the issues, challenges, opportunities and options that organisations will need to address as they look to improve their cyber resilience.
Beni Sia, general manager and senior vice president for Asia Pacific and Japan at Veeam Software, believes cyber resilience begins in the boardroom. “Although the CISO sets the strategy for security, including backup, resilience and recovery, these issues threaten the existence of the company,” he points out.
He posits that the discussion needs to start from the board to the CEO, and then to the CISO. “Even though there are strategies that have been set up, the gaps in the integration of security and backup tools need to be addressed before organisations can address the shared challenges,” he continues.
State of Cyber Resilience in Asia
Sia also posits that the world runs on data. “When it becomes unavailable, businesses, then the world stops. Beyond cyber resilience, companies must factor the five pillars of data resilience: data backup, data security, data recovery, data freedom and data intelligence,” he continues.
The top three vulnerability points
Sia says human error is a top entry point for malware and cyber threats. Organisations are also misaligned on preparedness, leading to inadequate responses to cyber events. He also suggests that legacy backup systems expose vulnerabilities and are costly, complex and unreliable. Technologies designed for the client-server era cannot deliver the 24/7/365 availability that today’s businesses demand, nor provide the ability to restore anywhere.
Finally, he believes that backups are primary targets for cybercriminals. 76% of cyberattacks on backup repositories were successful (Veeam Ransomware Trends Report 2024). Organisations risk paying ransoms or losing critical data if they lose their backups. Strengthening backup security, implementing encryption, and regularly validating backup integrity are essential.
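The point above about regularly validating backup integrity, and the later call for "regular, verified backup copies", are easier to act on with a concrete check. The following is an added example, not code from the article or from Veeam: it records a SHA-256 manifest of a backup set at backup time and later verifies the set against that manifest, reporting deleted, altered and unexpected files. The directory layout and file contents are constructed for the demonstration; in practice the manifest would be stored off-host or on immutable storage so it cannot be changed along with the backups.

```python
"""Backup integrity manifest: create a SHA-256 manifest for a backup set and
verify it later, reporting missing, modified and unexpected files.

Added example; not from the article or Veeam. Directory layout and file
names below are constructed for the demonstration.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large backup images are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map every file under backup_root (relative POSIX path) to its SHA-256 digest and size."""
    manifest = {}
    for p in sorted(backup_root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(backup_root).as_posix()
            manifest[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return manifest


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the current backup set against a manifest taken at backup time.

    Returns files that are missing (deleted), modified (digest changed) and
    unexpected (present now but absent from the manifest). ok is True only
    when all three lists are empty.
    """
    current = build_manifest(backup_root)
    missing = sorted(set(manifest) - set(current))
    unexpected = sorted(set(current) - set(manifest))
    modified = sorted(
        rel for rel in set(manifest) & set(current)
        if manifest[rel]["sha256"] != current[rel]["sha256"]
    )
    return {
        "missing": missing,
        "modified": modified,
        "unexpected": unexpected,
        "ok": not (missing or modified or unexpected),
    }


def demo() -> dict:
    """Constructed scenario: take a manifest, then simulate tampering and deletion."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "orders.bak").write_bytes(b"order data " * 1000)
        (root / "files.tar").write_bytes(b"archive bytes")
        (root / "config.json").write_text('{"retention_days": 30}')

        # The manifest would normally be written to off-host or immutable storage;
        # round-trip it through JSON here to mimic that.
        stored = json.loads(json.dumps(build_manifest(root)))
        clean = verify_backup(root, stored)

        # Simulate a backup set that was altered and partially deleted after the
        # manifest was taken, to show the verification catches each case.
        (root / "db" / "orders.bak").write_bytes(b"unreadable contents")
        (root / "files.tar").unlink()
        (root / "unexpected.txt").write_text("not part of the backup set")
        after = verify_backup(root, stored)

        return {"clean": clean, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it on a schedule against each backup repository and alert on any non-empty list; a hash mismatch or a missing file is the signal that a backup copy can no longer be trusted for restore, which is exactly the condition the article's statistics on deleted and compromised backups describe.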
Lowering the cost/risks of cyber threats
It can be argued that most ransomware revelations in the media focus on the amount extorted by the attacker. The reality is that the depth of every attack can be more severe than what is revealed. An IDC ransomware study reveals that 46% of respondents acknowledged attackers tried to delete their backups, with half being successful in the process.
Sia concedes that the ransom amount is only part of the cost to the organisation. Less visible to the public are the costs of downtime, legal costs, reputation management, and full recovery, notes Sia.
“Enterprises must have a well-developed incident response and have a clear, actionable plan for responding to breaches. Following a cyber-incident, organisations must focus on immediate containment to prevent further damage. Businesses must have regular, verified backup copies that can be quickly restored.” Beni Sia
“Data backup and disaster recovery are shared responsibilities. Some organisations may think they’re covered because of inbuilt data security and protection on the cloud,” warns Sia.
How to leverage emerging technologies without adding risks
While we cheer the potential every new technology promises, we also need to be cognisant that any of these can be retooled to serve the needs of criminal elements. It is therefore important to proactively mitigate operational risk and ensure it aligns with data governance and protection principles.
“As AI tools become integral to the modern tech stack, the data landscape needs to keep up with visibility, governance, and protection. Data resilience is an all-encompassing mission that covers identity management, device and network security, and data protection principles like backup and recovery.” Beni Sia
Advice for CISOs
Sia believes that cyber resilience is a shared responsibility achieved by structural, organisational, and cultural alignment. He makes clear that cyberattacks are human issues, not just IT issues, and have far-ranging organisation-wide impacts. And in many cases, strategies are also implemented by those who don’t report to the CISO.
Sia warns that the gaps in integration between security, network and backup teams need to be addressed before organisations can integrate their tool set into one solution to address these shared challenges.
“Start by educating each party. When information sharing is improved, processes will be better integrated across the organisation, and this also makes better cross-functional teams, improving alignment between IT and security teams,” said Sia.
Click on the PodChats player to hear more about Sia’s thoughts on navigating cyber resilience amidst cloud and AI innovations.
- Whose job is cyber resilience? We often hear of breaches. In practice, who is held accountable for failure to achieve cyber resilience?
- Give us a state of cyber resilience of enterprises in Asia as of August 2024.
- Given the state of awareness around cyber threats (and presumably, measures taken to mitigate these risks), where are the top three vulnerability points for most enterprises in Asia?
- How are enterprises addressing these vulnerabilities? Is this sufficient?
- What can enterprises do better to further lower the cost/risks of attacks like ransomware? Conversely, what are they doing not so well, making them less effective than on paper?
- How can we leverage emerging technologies without introducing new vulnerabilities?
- How can the CISO ensure that they are not introducing new vulnerabilities by engaging with others?
- Finally, coming into 2025, what is your advice for CISOs, other members of the C-suite and the board, to ensure the effectiveness of their strategies, frameworks and practices not just against ransomware, but against all threats, both internal and external?