Dave Russell, Vice President of Enterprise Strategy, Veeam, sees stronger demand for zero trust frameworks which help businesses prepare for the inevitable cyberattack.
Zero trust has gained significant traction in the information security industry and is being widely adopted by enterprises worldwide – with the UK and US leading the charge.
Organisations across Asia Pacific (APAC) are quick to follow, with seven out of ten businesses planning to adopt zero trust this year.
In 2024, we will see increased scrutiny on organisations to ensure zero trust is adopted beyond a ‘tick-box’ approach.
Specifically, there will be a greater push for standardised, all-encompassing zero trust frameworks that provide resilience against threats posed by emerging technologies such as AI.
The ability to backup data and restore it efficiently following an attack, will be a critical component of cyber resiliency.
Assume compromise and plan for failure
Veeam’s 2024 Data Protection Report revealed that 80% of organisations in APAC experienced at least one ransomware attack in the past year – with a quarter attacked four or more times.
This shows that ransomware attacks continue to be a when rather than an if and businesses must plan for compromise.
More shockingly, nearly all (94%) businesses acknowledge an availability gap, meaning its IT systems do not meet expectations when it comes to recovering after an interruption.
When businesses are unprepared, they put themselves at risk of business disruption and damaged brand reputation. Often businesses find themselves in a reactive state following a cyberattack, where they have no clear recovery plan and can only respond to the incident on the spot.
Therefore, attack assessment, containment and recovery are delayed and businesses continuity suffers.
As more businesses understand the benefits of zero trust, many are referring to existing frameworks to guide how they apply it in the business and better prepare themselves for an attack.
However, not all are created equal.
Adopting a resilient zero trust framework
While there are several zero trust models that businesses can leverage, most do not include two crucial elements of cyber resiliency: data backup and recovery systems. This gap leaves businesses prone to extended downtime following a cyber incident.
These businesses also often become the primary target for ransomware and data exfiltration attacks.
To stress the importance of data resiliency, Veeam has extended the standard CISA Zero Trust Maturity Model to encompass data backup, backup system resiliency and backup management to ensure efficient data recovery.
These extensions can then be progressed across four maturity tiers: Traditional, Initial, Advanced and Optimal.
Together, Veeam’s Zero Trust Data Resiliency (ZTDR) model provides a clear and practical roadmap for organisations looking to start their journey towards zero trust or incorporate backup and recovery systems into its zero-trust initiative.
Zero trust data resiliency as a critical entry point
With the many components required in a zero-trust framework, a key barrier to implementation is the overwhelm of the high volume of tasks to be done – from system upgrades and team training to establishing new ways of working.
The secret weapon to getting zero trust right is by mastering zero trust resiliency in backup and recovery as a priority. Robust data backup and recovery systems ensure all important information is backed up securely and can be restored efficiently when needed. This serves as a safety net while security and IT teams take the necessary steps to implement zero trust across other systems and educate employees to ensure everyone is playing a part in defending against cyberattacks.
Schneider Electric’s response to its recent ransomware attack shows how a solid recovery plan can minimise business disruption and reputational impact.
Shortly following the incident which affected a number of systems, Schneider Electric activated a robust response strategy, involving recovery, containment, impact assessment and forensic analysis.
The business quickly assessed the attack, contacted affected customers and reassured the public that access to business platforms would be restored efficiently.
The widespread adoption of zero trust worldwide marks a significant shift towards a more proactive approach to emerging threats.
With the continued surge of ransomware attacks and complexity of emerging technologies, we will see stronger demand for zero trust frameworks which help businesses prepare for the inevitable cyberattack.
Frameworks such as Veeam’s ZTDR model that incorporate data resiliency will become the benchmark for an all-encompassing approach to zero trust, with those that fail to follow putting themselves at risk of significant business disruption.