As the world transitions online, cyber threats have increased dramatically. Ransomware seems to have capitalised the most. In the last few months, a slew of organisations from different countries had to deal with increasingly sophisticated ransomware attacks.
Given the vast amount of data being produced, especially in the COVID-19 era, backups are critical as they offer a fallback in the event of a cyber breach. But having more comprehensive, robust data protection strategies is the need of the hour.
In the increasingly Volatile, Uncertain, Complex and Ambiguous (VUCA) environment, organisations should be covered 24/7, year-round. They need systems that offer multi-protocol support for the vast amount of data they have and ones that can deliver results at an unprecedented speed. Platforms need to be designed to be fully customisable and easy to deploy for the best user experience so users must be able to expand and upgrade it conveniently and without disruption.
The solution must have the capability to protect saved data and backup metadata by creating a secure copy that ransomware cannot eradicate, modify or encrypt even with admin credentials. The good news is that there are a plethora of ways for a business to meet their Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) from snapshots to mirroring.
This was the focal point of the OpenGovLive! Virtual Breakfast Insight held on 8 July 2021. This session aimed to provide the latest information on prioritising data backup to defend against ransomware threats, ensuring compliance and critical data availability.
This session served as a great peer-to-peer learning platform to gain insights and practical solutions to integrate cutting-edge tools and technologies for public sector communication and to scale these, as necessary.
Finding Partners to Recover Data
To kickstart the session, Mohit Sagar, Group Managing Director and Editor-in-Chief at OpenGov Asia delivered the opening address.
While the adoption of different technologies significantly increased during the pandemic, the solutions cannot be termed digital transformation as organisations, for the most part, deployed band-aid technologies and ad-hoc platforms to stay afloat.
Pushed by COVID-19-driven needs and used to private sector delivery quality, citizens expect services at an unprecedented level. The open market offers not only a wide variety of options but the ease of business and efficient service.
Banks, too, need to focus on enhancing citizen experience and provide them with great and personalised services. In the past, the benchmark of personalised customer experience was set by them, but during the pandemic, retail outlets have been leading the way by utilising a plethora of cutting edge solutions.
As a result, people have become even more demanding about what they want and have expectations of how it should be provided.
In perspective, though, while personalisation is a critical part of delivering the best experience for customers, it does make organisations more vulnerable to cyberattacks. When the pandemic started, people thought that cybercrime would slow down. In fact, cyber actors used the pandemic as an opportunity to increase their attacks as people started to work remotely. Ransomware, for example, has been crippling the economy – organisations, banks and governments all have succumbed.
Instead of merely focusing on the security aspect, Mohit suggests, organisations should concentrate on data recovery if data gets taken away.
Mohit emphasised the importance of partnership in securing and recovering data. Finding the right partners is paramount in recovering organisations’ critical data. Having competent partners who can focus on the data protection, data recovery and compliance needs against ransomware threats, allows businesses to focus on their main tasks and key deliverables.
Modernising Data Protection and Data Recovery
The delegates next heard from Sunil Chavan, Vice President- Emerging Technology Solution Sales, APJ at Pure Storage who discussed how ransomware impacts data management strategy in financial services.
Ransomware is now a national security issue for countries around the world evidenced by the many recent ransomware attacks. Most recently a backup software company was attacked by ransomware. Even a company that is supposed to help customers to manage their backup can also be a victim of a ransomware attack. This incident highlights the fact that no organisation is immune to ransomware.
Pure Storage is working with regulators and trying to understand their regulatory frameworks on ransomware. The main issue of ransomware is the loss of credibility of organisations with their customers. When the bank systems are crippled, regaining the trust and confidence of the customers is hard.
In financial services, technology and innovation are driving industry change at an increasingly rapid pace. Banking industries also need to face new challenges which include cost pressures, new competition, high expectations from customers and regulatory transformation. The new challenges create new opportunities for financial-services organisations if they use data in the right way.
The banking industry has been at the forefront of data protection. However, in the post-pandemic world, a vast amount of digital data is being created. Hence, banks need to improve their backup and restore data quickly.
Pure Storage goes beyond merely providing backup and guarantees a better rapid recovery of data in case of any ransomware attack.
Pure Storage has a feature called SafeMode to store data safely and when data gets locked due to ransomware, organisations can take the safe copy and recover the business quickly. This mode enables organisations to lock down data from malicious attacks. It creates read-only snapshots of backup data and associated metadata catalogues. Their snapshots cannot be deleted, encrypted or modified.
Numerous governments and organisations have pledged to not pay ransom to the cyber actors. Hence, organisations need to ensure they can return to normal so clients do not suffer.
Pure Store offers four solutions to empower organisations:
- Activate modern analytics: Leverage more of agencies’ data to accelerate time-to-insight and support Artificial Intelligence (AI) initiatives.
- Accelerate core applications: Enable rapid response times with enterprise resiliency and game-changing cost reduction.
- Enable hybrid cloud: Design applications that take advantage of the agility and innovation of multiple clouds at the same time.
- Modernise data protection: Deliver industry-leading availability while enabling comprehensive data protection across the enterprise.
In closing, Sunil shared that Pure Storage has been focusing on improving data protection activity and will continue to improve its services in the face of ransomware threats. Pure Storage helps the financial industry in its digital transformation journey by accelerating new edge infrastructure to enhance engagement with the customers.
International Case Study
The next speaker Kiran Kumar Sivapurapu, Technology Expert at Nationalised Bank elaborated on challenges and solutions of ransomware threats for financial institutions.
Ransomware is a type of malware that denies users and system administrators access to files or entire networks. Once the malware infects systems, threat actors will send a ransom note typically demanding payment in Bitcoin.
Ransomware has become a serious threat in this era. Kiran showed statistics about the amount of money from ransomware attacks is worth about US$ 20 billion. Ransomware usually targets the most common system that people use daily.
These are the most common challenges for financial institutions regarding ransomware attacks:
- Organisation IT security awareness
- Cybersecurity and data protection investments
- Data classification and prioritisation
- End-devices or touchpoints management and their protection
- Dealing with legacy systems and patch management
- Network security and isolation challenges
- Meeting massive scale application
- Protecting backup copies
- No one-stop data protection solution available for all types of workloads
- End-user experience
Kiran opined that the three basic pillars of any company are people, process, and technology. Having the right set of people, processes and technology are essential to deal with ransomware threats.
He also highlighted preventive measures of a data protection strategy. Organisations should not put all critical data in a single storage basket. They need to create immutable snapshots for quick recovery and implement Journal Based Continues Data Protection (CDP). Organisations identify the right way to backup for app and data consistency.
In closing, Kiran emphasised the importance of the three basic pillars and organisations need to focus on investing in people, processes, and technology. The three pillars define the level of resilience in an organisation against ransomware.
Interactive Discussion
After the informative presentations, delegates participated in interactive discussions facilitated by polling questions. This activity is designed to provide live-audience interaction, promote engagement, hear real-life experiences and impart professional learning and development for participants.
The first question asked what the organisations’ most important IT priority was. Half of the delegates (50%) prioritised digital transformation and innovation. Almost one-third (30%) focused on improving efficiencies and reducing maintenance costs. One-fifth (20%) chose service-oriented applications as their main focus.
The next query was on challenges that delegates have with managing change in data or business requirements. A little over a third (38%) chose lack of flexibility or agility in current systems as their main challenge. About a third (31%) said that their biggest challenge was the time involved to make changes. A quarter (25%) voted that organisational commitment to look at new technologies was the key challenge. Only 6% of delegates chose leveraging cloud models as their main challenge.
On the issue of why digital transformation requires new IT strategies, just over two-thirds (67%) agreed that evolving business value is the main reason why new IT strategies are necessary. Some delegates and the speakers agreed that financial institutions have to be agile and robust to win over the competition, especially with emerging financial technologies. Delegates were evenly split between new IT enablers (13%) and partnering for capabilities (13%) as the reason why new IT strategies are necessary. Only 7% chose external customer-centricity.
On being asked about the biggest challenge for their organisations when faced with a ransomware attack, delegates were evenly split between compromised backup copy (38%) and customers’ confidence in the company (38%). A little less than a quarter (24%) chose the long time required to recover data from backup as their biggest challenge.
The next question was on the most important feature that the delegates expect from the Kubernetes Data Services Platform. Almost half (46%) chose elastic scalability and agility to run in the cloud, on-prem, and in hybrid/multi-cloud environments. The balance participants fell equally between data protection (18%) and data security (18%) for their Kubernetes applications. The remaining delegates (12%) chose ease of migration across clusters, racks, and clouds. Only 6% said capacity management was the best feature.
The last question inquired about which infrastructure tech modernisation areas that organisations are investing in or planning to invest in support of digital transformation. Almost half (42%) have invested in or planned to invest in Data Services (protection, location optimisation, security and compliance, integration and orchestration) for hybrid cloud. One-third (33%) chose converged or aggregated infrastructure. A quarter (25%) chose the service approach and nobody chose ransomware protection.
Conclusion
The Virtual Breakfast Insight ended with the remarks from Catharina Hadiningtyas, Country Manager at Pure Storage Indonesia. Catharina gave a recap of SafeMode as the feature that can help organisations to recover data quickly. This element can help organisations that are currently facing a problem of slow recovery.
She thanked everyone for actively participating in the discussion. The feedback from delegates gave Pure Storage insights on the challenges that Indonesian government organisations are currently facing and the priorities they are focusing on.
