With the average number of breached data records topping 25 575 per country, it is not a matter of ‘if’ but ‘when’ a business will get compromised. Irrespective of the company size or industry sector, stealing sensitive data has become big business. This is where the importance of an effective data management strategy is critical.
From backing up to the availability of data following a crisis, decision-makers need to continually evaluate their strategies to ensure they mitigate any potential risks when it comes to data breaches. According to the 2019 Veeam Cloud Data Management Report, organisations will typically invest R600 million this year in technologies such as the cloud, big data, artificial intelligence (AI), and the Internet of Things (IoT) to drive business success.
Furthermore, almost half of the respondents admitted that data protection is imperative to leverage these investments.
“Alarmingly, only 37% of businesses are very confident in their current backup solutions, with the majority (73%) admitting that they cannot meet current user demands. This inhibits the adoption of tools and processes that can drive business advantage. Fortunately, decision-makers realise that work needs to be done and are looking at deploying better data management and multi-cloud solutions across their business,” says Kate Mollett, regional manager for Africa at Veeam.
Considering that the average cost in time to resolve a malicious insiders attack is 51 days, can a business really afford not to take protecting its data seriously? On the positive side, Mollett says the introduction of legislation such as the General Data Protection Regulation (GDPR) and Protection of Personal Information Act (POPIA), has meant local organisations are more aware of the implications and taking data breaches more seriously.
“This is not only in terms of the business impact, but also the reputational damage, and loss of consumer confidence as a result. And, depending on the nature of the breach, fines associated with compliance and regulatory standards can be significant. Companies are very focused on securing their business, becoming more open with how they approach technology solutions, and partnering with other organisations. But as they expand their digital horizons, so too does the potential threat landscape,” she says.
Companies need well thought-out security strategies to protect both their users and data assets. Certainly, technological advances like the cloud and IoT are bringing about a change in how people do business, but this must happen in a secure and compliant way.
“This has seen a change in data management strategies today. Attacks can also be internal – think disgruntled employees, intentional hacks by cyber criminals, or plain human error. In fact, most data breaches are due to people unwillingly or unknowingly sharing company information. This is why phishing is still a massively successful way of gaining entry into an organisation,” she adds.
According to Mollett, technology has a huge role to play in building automated best practices around how data is managed in the organisation.
“Not only must the nature of data be understood and its availability realised, but those who need access to it must also be clearly defined. There will always be a possibility of human error. Of course, user awareness and education campaigns are vital to mitigate against this. Even then, there will always be really sophisticated cyber threats that even specialists might not be aware of. Therefore, the tools we use for data management must continually evolve to protect the organisation and its data.”
Another challenge in the local market revolves around educating businesses about the responsibility required for safeguarding their data in the cloud. It helps that consumers have become more aware of how to protect their personal data. In turn, this will start benefiting the business as well.
“Many people are concerned about data breaches in their individual capacities. Now, this must translate to the business environment. Organisations must therefore be more involved in the solutions that bring Cloud Data Management into the business and not assume that it falls on the cloud service provider to protect data. There is a shared responsibility model where companies must be more involved in data security as their data is their responsibility. Once this starts happening, then the impact of data breaches will be better controlled,” she concludes.