As of 2020, 50 percent of all corporate data is stored in the cloud. In a year that was defined by a shift towards remote work, data recovery has never been more important. Businesses now rely on digital data, whether it’s hosted in the public cloud or on-premises.
Perhaps unsurprisingly, last year’s increased commitment to IT came with a surge in high-profile cyberattacks and data breaches to match it.
Here are three cautionary tales, and the lessons that can be learned from each.
In January of 2020, hackers gained access to a database containing personal information on over five million of Marriott International’s customers. The login details of two employees were compromised and used to access the sensitive data. To make things worse, it came just two years after a similar breach that cost Marriott over £18 million.
Protecting sensitive information isn’t just a matter of shielding it from ill-intentioned outsiders. Research has shown that as much as 33 percent of the average organisation’s sensitive data is open for all employees to access.
Instilling a security-first IT culture is a necessity, as is investing in strong identity and access management (IAM) tools and processes.
The Marriott incident could have been avoided if the profiles in question hadn’t been given access to millions of private records, and if they’d had two-factor authentication enabled. Protect against malware that makes use of the ‘credential stuffing’ approach, and train employees in security best practices – like using different passwords for different websites.
July 2020 saw another major data breach, this time from blogging giant Wattpad. A discreet cyberattack from an infamous group of database hackers resulted in 270 million records being sold for a reported $100,000 - all before the victim had a chance to react. They were then shared on public forums, for free.
With 28 percent of all data breaches involving malware, it’s important to track and monitor your IT infrastructure as regularly and closely as possible or outsource the job to cybersecurity experts. By some estimates, small businesses in the UK are subject to nearly 10,000 attempted cyberattacks every day, so investing in increased security visibility is worthwhile.
July was a busy month for data breaches. Once the city of Lafayette, Colorado found that mission-critical information had been subject to a ransomware attack, their IT team attempted to restore the encrypted data from a separate backup. It didn’t work, and they were forced to pay out $45,000 to get essential services back up and running.
While Lafayette’s IT team at least tried to back up their data, many don’t even manage that. A 2020 survey of eCommerce retailers found that a quarter had permanently lost “critical business data” for a variety of reasons. Of those respondents that had experienced significant data loss, 60 percent hadn’t been backing up their web data at all.
It’s not an issue limited to those in eCommerce. A cross-industry survey found that around 21 percent of SMBs still don’t back up data properly, and aren’t prepared for a disaster recovery situation. As many as 96 percent of organisations experienced an IT outage in the last three years.
At a bare minimum, you should be backing up your business’ data to safeguard against costly ransomware attacks and IT outages. Ideally, you should be testing that backup regularly, and have a disaster recovery process written into your company (and city!) policies.
Don't be the next company on a list like this one. Be prepared; data backup is non-negotiable, but as remote work – and the likelihood of a data breach – increases, so is business continuity planning and dedicated email, web and database security. Proactively invest in protection so you don’t have to pay for the consequences of a reactive data security strategy.