Bylines

Data Security Never Rests: 6 Critical Strategies for Year-Round Defence Against  Evolving Cyber Threats

Because a Strong Security Posture Is a Dynamic Process That Involves Assessing Vulnerabilities and More

At the core of the cyber threat business model is the old adage “hit them where it hurts.” For businesses, that means data. Now, cyber criminals are taking it a step further: hit them when it hurts. This means data security requires constant vigilance, not merely an ad hoc reminder. It is no surprise that cyber felons are on a constant hunt to capitalise on security vulnerabilities, be it outdated network defences or employees who could be the weakest link impacting data security—unintentionally or maliciously.

In Malaysia, cyber breaches have the potential to cause losses of more than USD $10 billion, or over 4% of its GDP. Organisations need to make data security an ongoing priority, put safeguards in place and foster a security-focused culture to protect themselves from costly and escalating risks.

The True Cost of Data Loss

Data fuels every facet of modern business. Losing sensitive or business critical data can have devastating consequences that go far beyond the initial breach. Here’s a look at what’s at stake:

  • Financial damage: Cyberattacks bring immediate financial losses as a result of fraud, ransom payments and theft, alongside costly and time-consuming data recovery efforts.
  • Operational disruption: Attacks can halt critical operations, affecting productivity, supply chains and the timely delivery of products and services.
  • Reputational damage: A single breach can erode years of customer trust and damage a brand’s reputation, as a prominent Malaysian bank found out when it suffered a security breach in May 2024.

Ransomware is emerging as one of the most insidious threats, with attackers refining their methods and becoming ever bolder. Cohesity’s Cyber Resilience Research reveal that 77% of Malaysian companies are compelled to pay ransoms simply because they lack the cyber resilience and robust recovery systems needed to bounce back. This underscores the urgent need for businesses to strengthen their data defences or risk paying a high price.

Key Strategies for Resilient Defence

A strong security posture is never static. It is a dynamic process that involves assessing vulnerabilities, adapting to emerging risks and educating teams to stay one step ahead. To truly protect your organisation and enhance your cyber defence, focus on these key areas to build a more resilient and adaptable defence:

1. Prioritise a risk-based approach in cyber defence.

A risk-based approach to security involves identifying attack vectors, assessing critical IT assets and aligning security procedures specific to your industry and operations. Start with a thorough risk assessment to uncover vulnerabilities that could impact continuity. Next, implement multi-factor authentication (MFA) to enhance security access points and enforce segregation of duties—a practice known as “Quorum” by Cohesity—to ensure no single individual has unchecked or excessive power over sensitive systems.

2. Update and patch software regularly.

Patch early, patch often. Outdated software is a prime target for cybercriminals, so regular updates are vital. Test patches using backups in isolated environments called ‘clean rooms’ to avoid disrupting production, automate updates wherever possible, and stay one step ahead of threats by routinely scanning for vulnerabilities.

3. Prioritise regular and automated backups.

Automate, test and protect your backups. Relying on manual backups invites risk, so automate the process to ensure critical data is backed up regularly. Regular testing of backups should be part of the overall security testing plans to identify any potential security risks. For ultimate security, make backups immutable so that they are protected from tampering even in the event of a ransomware attack.

4. Use cloud backups for resilience.

Cloud storage is revolutionising backup strategies with real-time updates, scalability,and cost efficiency. With continuous data backup, every data change is captured, and in the event of a breach, recovery is faster and easier from any location with an internet connection.

5. Implement a strong incident response plan.

No company is immune to cyberattacks, but a swift and well-prepared response can minimise the impact of an attack. Establish a dedicated incident response team, test your plan regularly with fire-drill exercises and eliminate any uncertainty by making sure everyone knows exactly how to respond.

6. Invest in cybersecurity tools and resources.

While employee training is crucial, it is equally important to have the right security controls in place to effectively defend your organisation against evolving cyber threats. Equip your network with firewalls and intrusion detection systems (IDS) to block malicious activities, leverage AI to detect anomalies in real time, and continuously monitor your systems to respond and minimise the potential for damage. Prevention is always better than cure when it comes to cyber defence.

The Power of ‘Protect, Respond, and Recover’ in Cyber Defence

As we have seen in recent years, cyber risks are escalating as rapid digitalisation expands the attack surface for threat actors. Taking a proactive approach to cybersecurity is the only way to strengthen the security posture of your organisation. Investing in advanced tools and employee training will provide a solid foundation, but your focus should always include the ability to recover quickly. Strong backup strategies, encryption and cloud resilience will protect your most important data from both external threats like cyber criminals and internal failures.

In this cat-and-mouse game where cyber criminals are getting savvier and cyber risks are set to grow, cybersecurity is not just about being immune to attacks, but also about how quickly you can bounce back. Relying on a resilient framework that integrates the pillars of “protect, respond, and recover” will ensure that your organisation can recover swiftly with minimal impact—an essential requirement in this digital era when cyberattacks are a “when” and not “if” scenario.

Lim Hsin Yin

Vice President, Sales – ASEAN, at Cohesity

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *