ASIDE FROM THE CISO, CHIEF EXECS WOULD OFTEN TREAT BACKUP AND RECOVERY PROCESSES LIKE YOU WOULD AN AIRBAG. FORGET IT’ S IN PLACE AT ALL, UNTIL YOU’ RE INVOLVED IN AN INCIDENT AND THEN SUDDENLY YOU’ RE THANKING YOUR LUCKY STARS YOU HAD IT IN PLACE.

F E A T U R E at one point or another, yet 74 % still fell short of data resilience best practices. The threat is only evolving, with smaller groups and so-called‘ lone wolf’ attackers stepping into the gap. And with a new subsection of attackers comes a new set of methods, with the faster data exfiltration attack methods on the rise.

The writing’ s on the wall

The same Veeam report, in collaboration with McKinsey revealed that 74 % of participating enterprises lacked the maturity needed to recover quickly and confidently from a disruption. While cyberresilience gaps are often a case of‘ not realising before it was too late’, in this case, many of these deficiencies were selfreported. But if organisations are aware, why haven’ t they plugged these gaps?

For some, it could be down to the simple fact that they’ ve only just realised. The recent wave of EU-focused regulations, including notably NIS2 and DORA, has spotlighted the issue by requiring organisations to up their resilience across the board. In the build-up to their compliance deadlines over the last year, organisations had to critically assess their full data resilience, many for the first time, revealing several previously unknown blind spots.

But no matter how they realised their gaps, organisations did not fall behind overnight. For many, it’ s happened incrementally with their data resilience standards not keeping up as new technologies and applications have been adopted. With most organisations implementing AI at will to stay ahead of the competition and optimise business processes, the impact on their data profiles has gone largely unnoticed. The sheer amount of data needed and generated by these applications has resulted in sprawling data profiles that fall far outside existing data resilience measures.

Pair this with an underdeveloped understanding of modern data resilience, and you’ ve got a recipe for disaster. It’ s often a case of‘ you don’ t know what you don’ t know’. As a result, many organisations have been benchmarking themselves against the wrong yardsticks. Take your standard tabletop exercise, sure; it’ s better than nothing, but data

“ resilience can’ t be measured on paper. In theory, their processes might work, but it’ s a whole other story.

Taking a step in the right direction

So, what is next? Rather than waiting for an incident to come along and put them to the test, organisations need to get comfortable with being uncomfortable. That means proactively uncovering and addressing gaps, however uneasy it might make them feel.

The first step for any organisation with below-par data resilience should be to gather a clear picture of your data profile, namely; what you have, where it’ s stored, and why you do or don’ t need it. With this, you can reduce at least some of your data sprawl by filtering out any obsolete, redundant, or trivial data to focus on

ASIDE FROM THE CISO, CHIEF EXECS WOULD OFTEN TREAT BACKUP AND RECOVERY PROCESSES LIKE YOU WOULD AN AIRBAG. FORGET IT’ S IN PLACE AT ALL, UNTIL YOU’ RE INVOLVED IN AN INCIDENT AND THEN SUDDENLY YOU’ RE THANKING YOUR LUCKY STARS YOU HAD IT IN PLACE.

Intelligent Data Centres Issue 77 | Page 39

ASIDE FROM THE CISO, CHIEF EXECS WOULD OFTEN TREAT BACKUP AND RECOVERY PROCESSES LIKE YOU WOULD AN AIRBAG. FORGET IT’ S IN PLACE AT ALL, UNTIL YOU’ RE INVOLVED IN AN INCIDENT AND THEN SUDDENLY YOU’ RE THANKING YOUR LUCKY STARS YOU HAD IT IN PLACE.

“ resilience can’ t be measured on paper. In theory, their processes might work, but it’ s a whole other story.

ASIDE FROM THE CISO, CHIEF EXECS WOULD OFTEN TREAT BACKUP AND RECOVERY PROCESSES LIKE YOU WOULD AN AIRBAG. FORGET IT’ S IN PLACE AT ALL, UNTIL YOU’ RE INVOLVED IN AN INCIDENT AND THEN SUDDENLY YOU’ RE THANKING YOUR LUCKY STARS YOU HAD IT IN PLACE.