Legacy backup is ineffective against today’s cyberthreat and ransomware models. How then should organizations in Asia Pacific address critical data protection?

According to a recent report by Rubrik’s Zero Labs, a staggering 92% of global IT and security leaders expressed deep concerns about maintaining business continuity in the face of an attack. Surprisingly, despite 99% of external organizations having a backup solution, up to 93% continued to encounter significant issues such as bandwidth limitations and infrastructure gaps.

With cybersecurity emerging as a paramount concern for businesses today, CybersecAsia discussed some of the key findings of the report with Abhilash Purushothaman, Vice President & General Manager (Asia), Rubrik.

What are some key findings from Rubrik’s latest Zero Labs report, with regards to the APAC cybersecurity landscape?

Abhilash Purushothaman (AP): The increasing digitization of the world has led to an explosion of data with cybercriminals now valuing data as an organization’s most valuable asset. This new “crown jewel” has become today’s most desired commodity and organizations are finding themselves under mounting pressure to protect it. As cyberthreats and ransomware models continue to grow in sophistication, our recent Rubrik Zero Labs (RZL) report identifies several key insights:

Ongoing prevalence of cyber-attacks: Cyber-attacks are widespread and almost inevitable for organizations. Nearly every company surveyed had experienced a cyber-attack, with 66% of respondents in Singapore reporting that their organizations had faced between 1-25 attempted cyber-attacks.

High frequency of cyber-attacks: IT and security leaders in APAC organizations were made aware of cyber-attacks frequently. On average, they were notified about a potential cyber-attack 52 times in 2022, which translates to approximately one attack per week.

Abhilash Purushothaman, Vice President & General Manager (Asia), Rubrik.

Zero trust initiatives: 62% of organizations in Singapore have implemented at least one zero trust initiative, recognizing the importance of continuous verification and not trusting any entity by default.

Legacy data backups: Legacy data backup solutions are falling short in defending against cyber-attacks like ransomware. Nine out of 10 organizations globally reported attempts by malicious actors to impact their data backups during cyber-attacks, with a success rate of 73% for these attempts.

How should organizations safeguard their critical data assets against increasingly sophisticated cyber-attacks?

AP: First and foremost, businesses need to come to terms with the fact that cyber-attacks are now inevitable. By shifting to an ‘assumed breach’ mindset, business leaders should focus on minimizing the impacts of such events to ensure business continuity.

Having only infrastructure security or using legacy backup solutions will not be enough to achieve true cyber resilience. By assuming that breaches will occur, focused efforts that merge cyber recovery and cyber posture on a zero-trust platform across enterprise, cloud, and Software-as-a-Service (SaaS) will help safeguard any organization’s critical data.

In the event of a cyber-attack such as ransomware, victims require insights to understand where they are compromised to recover efficiently as well as prevent reinfection. Business leaders are better protected when they choose solutions and vendors who share responsibility for the organization’s cyber resilience – while businesses adopt preventive measures, vendors play a vital role in providing tools, expertise, and support for rapid recovery.

Essentially, safeguarding critical assets is not just about preventing attacks; it is about quickly recovering data by isolating the point of infection and the blast radius. 

For this to happen, companies need to also prioritize data security as part of a holistic cybersecurity strategy to effectively overcome modern cyber attacks like ransomware. This cannot be done in silos – a collaborative approach involving operational and security teams, along with alignment at the CXO level, is crucial. Ultimately, cyber resilience is about rapid recovery and constant adaptation to evolving threats, fostering a proactive mindset throughout the organization.

With the concerning rise in ransomware attacks, what should organizations be aware of in terms of the TTPs employed by bad actors to infiltrate systems and extract data?

AP: With ransomware attacks, bad actors aim to get hold of an organization’s sensitive data and hold it for ransom. More recently, some cybercriminals have turned to legacy backups as a hunting ground. Our Rubrik Zero Labs research showed that 93% of organizations have reported that malicious actors tried to impact data backups – with at least 73% of them being successful.

Legacy backups were built decades ago to withstand natural disasters and low-frequency, high-impact events that rarely happened. Today, where ransomware attacks are estimated to strike every 2 seconds in the next 10 years, these backups are vulnerable points for exploitation.

Elsewhere, the use of AI in cyberattacks is becoming increasingly common. For example, cybercriminals have employed AI in sophisticated attacks like phishing, evasion, and automated malware generation. To counter this, organizations themselves must employ AI for advanced threat detection and response, augmenting human capabilities with AI to develop countermeasures.

By leveraging AI, businesses can navigate difficult tradeoffs in the aftermath of cyber-attacks to help minimize data loss and reduce downtime. Simply put, we now have to fight fire with fire.

How can organizations leverage threat intelligence to efficiently manage, protect, and extract real value from their data across hybrid and multi-cloud environments?

AP: Threat intelligence has become imperative to organizations as it enables them to proactively detect signs of compromise or intrusion across cloud environments, where vast pools of data are available.

In a typical cyber-attack scenario, panic ensues as decision-makers grapple with the pressure to resolve an issue beyond their individual capabilities. Often, this leads to giving in to ransom demands. In fact, our RZL report revealed that 85% of organizations in APAC paid ransoms, but unfortunately, only 16% of them were able to fully recover their data.

Business leaders today need to be equipped with threat intelligence to be able to analyze their backups and identify indicators of compromise (IOCs). This gives them a clear understanding of compromised or infected data, the blast radius of the attack, as well as whether the ransomware has found its way to sensitive data that the organizations cannot continue without.

This highlights the need for a data security partner that has threat intelligence to continuously monitor data risks as well as provide tools for identifying and managing data access, which is crucial in facilitating rapid data remediation in the event of a breach.

What are some key strategies to ensure cyber resilience in the face of the evolving challenges in data protection, data loss, backup and recovery? How does a ‘zero trust’ approach look like in today’s business environment?

AP: The most crucial aspect of achieving cyber resilience is for businesses to understand that cyber attacks will happen – which is why they need to put in place strategies to prepare for and recover from cyber-attacks.

This involves adopting an “assumed breach” or Zero Trust posture, and focusing efforts on safeguarding critical data that the company cannot function without. One such approach is for businesses to integrate AI into their data risk monitoring systems to help detect IOCs, advise on next steps, and automate recoveries.

For example, Rubrik recently announced the agreement to acquire Laminar, a leading data security posture management (DSPM) platform, creating the industry’s first complete cyber resilience offering of its kind by bringing together cyber recovery and cyber posture across enterprise, cloud, and SaaS. This complete cyber resilience offering will help equip users with a more proactive approach to combat sophisticated cyber threats with AI-driven technology.

Beyond using AI in cyber recovery, continuous data backup should be maintained in a secure manner to prevent attackers from accessing and manipulating backup data. This forward-looking approach enables early detection and containment of potential threats and ensures a clean backup copy for organizations to confidently recover from.