There’s always a new statistic or survey for pretty much anything you can picture being released at any given time, but sometimes one stands out and makes you pay attention. Such was this recent survey from Scalar focused on “Cyber Security Readiness of Canadian Organizations”. Calling Ottawa home, I’m always keen on comparing Canadian efforts against what I see across the broader global spectrum and security is definitely one topic I had to dive into.
I was feeling rather mixed on my take on the results. On the one hand, I was pleasantly surprised to see that security and planning for data breach and recovery are an increasingly high priority within Canadian companies, but dismayed at the fact that execution and confidence still lags. For example, with 87% of respondents stating they experienced at least 1 breach in the past year, only 32% had an updated and fully documented response plan in place. Plans are good, out of date plans are not. So where is the gap? Organizations are now carving off at least 10% of their IT budget and headcount for IT Security initiatives, but still lack confidence in the overall program. Is it the tools? Is it the scope? Or is it analysis paralysis?
The survey was quick to point out something that should be obvious: The endpoint remains the key focus for prevention of an attack. However, the counterpoint is that 40% of organizations are concerned with the protection of the data at the edge. It’s important, yet we’re not confident we have visibility across the board to protect/recover the data we need. This is the main point I wanted to discuss – recovery. I’m not discounting the need for prevention, but if the plan is only structured around stopping an attack and 87% of those polled had at least 1 successful attack get past their defences…then part two of the plan needs to be rapid recovery. This can be back to the original location or (more commonly now) the cloud. In the event of a breach many are not confident in the immediate integrity and security of the original system, and thus the need for recovery outside of that location. If you don’t know where your data is (or need 3 or 4 tools to figure that out) then you’re also at a disadvantage.
Simplicity. Visibility. Consistency. These things are all critical in prevention and recovery efforts. Do you have a single view across your data? Can you easily move and recover what you need where you need it – fast? Can you ensure that the same policies and security can be applied across all your data whether it lives within your organizations “four walls”, in the cloud, or at the edge? If you can’t say “yes” in the context of your current solution then it’s time to talk to someone (*cough* Like Scalar) to bring about change.
You don’t want to be the statistic on what not to do – Protect your data, make sure it can be recovered. I suggest our whitepaper, Ransomware: 4 Ways to Protect and Recover so you’re ready to “Stand on guard” for both your clients and their data 😊