Over the past year, we have established a comfortable hybrid/remote work environment that is expected to be the norm post-COVID-19. However, with this has come adversaries who have grown more confident with attacking high level targets, such as the Colonial Pipeline and other critical infrastructure operations.
Thankfully, cybersecurity professionals everywhere are working on inventing new tech and improving upon legacy technology solutions to maintain pace with these criminals who threaten our data security. We have seen firsthand that it takes more than an individual task force to combat ransomware and other related threats such as phishing, insider threats and more. Instead, this battle necessitates a unified, highly focused effort between both the public and private sector.
Have hope that through the hard work and brilliant minds behind these security defenses that 2022 will not be a repeat of such high level attacks. Learn more about what security leaders have to say about the upcoming year below:
Neil Jones, cybersecurity evangelist, Egnyte
“Ransomware-as-a-service (RaaS) will continue to grow and become more sophisticated over the next year. By September of 2021, the number of publicly reported data breaches had already surpassed the total of the previous year by 17%. This is not a new problem and with its increasing frequency it’s important for our leaders to understand how profitable an industry RaaS has become, and the risks they may be facing.
While it’s easy to imagine these cybercriminals as an underground operation in someone’s basement, they don’t always appear that way. In fact the group linked to the Colonial Pipeline attacks were anything but ‘hackers in hoodies.’ They fronted themselves as an agency selling cybersecurity services, including a predictable schedule, benefits and lunch breaks as part of their job posting.
If we can take any lessons from this, it’s that we cannot underestimate the intelligence of these RaaS gangs. They are constantly overcoming systems and evolving with new technological advancements. Don’t let your company be fooled by false notions or assumptions about cybercriminals, especially that paying ransom will magically restore access to your company’s files. Instead, stay proactive and vigilant as you create and manage your cybersecurity systems.”
Jeff Sizemore, chief governance officer, Egnyte
“We can expect to see a steep rise in US state-by-state data privacy requirements and movement toward a potential federal privacy law in 2022. In fact, by 2023, it’s expected that 65% of the world’s population will be covered by privacy laws.
This becomes even more critical with many companies’ employees working from home or adapting to hybrid work models. Increasingly, these organizations are aiming to be more data-driven by measuring employee productivity. To achieve desired productivity, organizations will need to ask employees intrusive questions, and those questions will create their own privacy impacts.
Increasingly, personal privacy is being viewed as a human right, and the way vendors handle consumer and employee data will determine how much the public trusts them and wants to conduct business with them.
Protecting unstructured data will likely be one of the biggest challenges in the new year. If you can’t see it, you can’t govern it. If you can’t govern it, you definitely can’t manage privacy. However, organizations need to have visibility into structured and unstructured data to build out an effective data governance program, and there are data security and governance tools available to protect that information across the board. We also expect to see ongoing privacy assessments becoming more common. Organizations need to put privacy at the forefront and make sure they are solving the problem holistically in the new year and well beyond.”
Neil Jones, cybersecurity evangelist, Egnyte
“In 2022, I hope to see executives finally view cybersecurity as a wise investment rather than an optional budget line-item. Significant investment is required to stay one step ahead of cyber-attackers, and ongoing, company-wide cybersecurity training is required for employees in our ‘work from home’ world. Modern businesses can’t have effective data governance and security programs that consist of a single person, and historically, far too many companies have relied on the CISO’s or CPO’s efforts alone. Cybersecurity needs to be an all-hands company effort.
In the new year, we will be seeing further distribution of risk management within companies and hope to see increased engagement from end-users and customers, so they can better understand what is happening at a security level. Any opportunity to educate individuals about security and privacy will be a step in the right direction as people are more drawn to being educated than being sold to. And, Just like travelers at a bus or a train station, ‘If end-users see something, they should say something.’
It is time for companies to make humans part of the solution, rather than the cause of the problem. Transparency of risk with the Board and internal staff will help stakeholders understand the importance of the security teams’ requests and will maximize organizational buy-in.”
Jeff Sizemore, chief governance officer, Egnyte
“The ransomware attacks that impacted Colonial Pipeline, SolarWinds, and Twitch in 2021 have put cybersecurity at the forefront of global business operations – both for consumers and businesses. The immediate impact of a data breach is devastating but it’s only the tip of the iceberg. According to an IBM study, the average cost of a data breach is more than $4 million per incident. Unfortunately, recovery from an attack is a perpetually uphill battle that will continue as we move into 2022.
With the onslaught of breaches expected to continue, so will the spike in cybersecurity insurance premiums. Insurance carriers will perform their due diligence on hacked companies delving into their CSOs’ preparedness activities, data suppliers and supply chains, leaving no stone unturned. Currently, insurance policies are increasing at a rate of 200 – 300% at the time of renewal and that trend is anticipated for the foreseeable future. It’s a Catch-22; the higher the risk, the harder it can be for a company to find insurance coverage, which can impact new business and government contracts.
The long-term damage a data breach does to a company, no matter the size, only exemplifies the importance of data protection. As we roll into 2022, companies must keep cybersecurity a number-one, top-of-mind issue in all of their business operations.”
Neil Jones, cybersecurity evangelist, Egnyte
“In 2021, attackers noticed that major data breaches or ransomware attacks could influence a company’s stock and brand reputation, and public announcements could disrupt customers, partners and business markets. In 2022, we expect attackers to begin leveraging attacks to not only collect ransom, but to make additional profits trading on the information by announcing ransomware attacks publicly. Ransomware attacks may even be timed to coincide with quarterly earnings announcements or other events.”
John Noltensmeyer, chief technology officer at TokenEx
“My advice to organizations in 2022, as we continue to see the proliferation of privacy laws both at the state level, and potentially the federal level, is that globally, organizations need to ensure that they have a lawful basis for collecting data. That has been part of European data protection law for decades. In the United States, we have treated personal data as a free-for-all: if you can collect it, then you can do anything you want with it. That is obviously changing, so if organizations are not considering that, and not using something like the GDPR or CCP as a guide – even if an organization feels those laws don’t apply to them – they should absolutely begin considering the effect of similar legislation on their organization. It is likely that there will be some type of comparable regulation that does apply to their business within 2022.”
Matthew Meehan, chief operating officer at TokenEx
“For data security and protection, if an organization has to extensively re-architect its internal environments to be secure, it will be difficult to ever reach project completion. And environments will change again before they’re done. Instead, organizations need to find data protection approaches that provide the flexibility to work with and conform to the specific environment.”
Matthew Meehan, chief operating officer at TokenEx
“Indeed, the continued rise in cyberattacks we witnessed in 2021 will cause C-level execs to take cybersecurity more seriously. There are two risk buckets to consider in this regard: business interruption risk (where the business goes down as the result of an attack); and liability for loss of sensitive customer and other data. The technologies to manage these risks are different, but both sets of risks are concrete, quantifiable, and have a direct, immediate economic impact as well as reputation and brand-value implications. Boards and executives that appreciate the quantifiable aspects of these risks will invest wisely to protect and build company value over the coming years.”
Tyler Farrar, CISO, Exabeam
“What do ransomware, phishing, advanced persistent threats and the like all have in common? Access. In the New Year, organizations should expect all of these attack methods to grow, but an all-too-important area to watch out for that often gets missed is initial access brokers.
Initial access brokers are individuals or groups that resell credentials in the criminal marketplace. In turn, other adversaries can use the information to cause further damage for a company, often going undetected. According to a recent SANS Institute survey, 14% of organizations on average have indicated that the time between compromise of a network and detection of an adversary is between one to six months.
Nation-state groups in particular will continue to take advantage of this information to conduct continued and persistent access attacks. Similar to trench digging in actual warfare, they will keep manufacturing exploits to launch a full-on cyberwar in the future.
The key to stopping the most popular attack methods used by adversaries today is to control access points and reduce overall dwell time. One of the simplest ways for organizations to achieve this is by preventing compromised credentials incidents — which is the reason for 61% of breaches today —and monitoring user behavior. Doing so provides the necessary context needed to restore trust and react in real time to protect user accounts — halting malicious access in its tracks.”
Steve Moore, chief security strategist, Exabeam
“Quality leadership is essential in running a successful company, but did you know that poor leadership methods result in poor performance and a heightened risk of cyberattacks?
We’ve seen a steep rise in cybercrime in 2021 that we can expect to continue into the new year, and an effective defense begins with influential leaders. However, it would be a shame if leadership adapted to new work dynamics as they’ve historically adapted to adversaries – which is slowly.
This cyber security climate applies more significant pressure to leaders; will strain the mediocre ones well beyond their value. In this example case, defenders’ networks, already rife with gaps and missing capabilities for digital adversaries to exploit, will fail to meet the basics of relevance. Leaders must focus on outcomes for their staff – focus on ‘why’ instead of the ‘how,’ and reflect on their abilities to lead, retain, and recruit will come out on top.
An unproductive and stressed security operations center (SOC) only places a target on a company’s back, leading to the loss of talented workers in an already competitive sector — and potential loss of business due to data breach-driven reputational damage. Instead, SOC leadership should carefully track the happiness and career fulfillment of their staff.
Now, the question from a technical and human perspective is this: how quickly can the defending organization adjust to such rapid and frequent attacks — and improve internal culture during change? In addition, cybercriminals are increasingly targeting companies going through significant financial events, such as acquisitions and mergers, knowing security teams are likely unstable, stressed, and managing integrations during the process.
This tidal wave of cybercrime will not die down any time soon. Still, if SOCs dedicate themselves to understanding the adversary and hire leaders who focus on a healthy culture that boosts morale, a better outcome of defense will be fostered.”
Gorka Sadowski, chief strategy officer, Exabeam
“If we’ve learned anything in 2021, it’s that cybercrime is a collaborative effort in which crime syndicates share and learn from each other to make their attacks increasingly sophisticated and damaging. With global ransomware payments on track to hit $265 billion by 2031, cybercriminals have the resources they need to work together in developing new and improved ways to breach organizational frameworks around the world.
As the year draws to a close, I’m excited to see organizations take cybersecurity much more seriously and realize that we’re in this together. 2022 will be a test of how well we can work together, putting collaboration above competition in order to fight against the growing threat that cybercriminals pose to industries of all scopes and kinds. Cybercriminals have shown to be highly coordinated, so the only hope we have in defeating them is to be just as united in our efforts.
Another encouraging sign to take into the new year is that governments are finally beginning to mobilize and take action against cyberthreats. In the past, it has been largely down to each organization to fend for itself, which inevitably exacerbates asymmetry between well-funded attackers and individual defenders, leading to costly breaches. Initiatives such as California’s Cal-Secure plan show governments are taking a stand and promoting comprehensive, collaborative efforts in the fight against cybercrime. Cyberattacks can have devastating consequences on both the public and private sectors alike, making government support crucial.
Cyber adversaries, unfortunately, won’t be going away anytime soon, so the key moving forward is for businesses and governments to consolidate their efforts and support each other as the threats grow both in complexity and ambition. We’re poised to achieve great things if we remember who the enemies are and focus on how we can help each other defend against the next threat that comes our way.”
Samantha Humphries, head of security strategy EMEA at Exabeam:
“Ransomware has been at the forefront of cybersecurity concerns this year and I think, unfortunately, we’ll continue to see the hold of ransomware leading to extortionware, and also as a distraction. Ransomware is an ‘end problem’ for companies. It’s not a case of getting struck by a cyberattack and asking ‘what do we do now?’ – by that point it’s far too late. Instead, it needs to be a question of ‘how do we make ourselves less of a target to begin with?’.
The crux of the problem is that there’s an overwhelming amount of false confidence by companies thinking ‘it won’t happen to us’ because they’ve added a new compliance tool, or moved to the cloud. It’s not that simple. Cybersecurity is not a ‘tick box exercise’ and then you’re safe. Too many organizations still have this mindset that sees them scrimp on the fundamentals of cyber hygiene.
Everything starts with having visibility across your systems. Put simply, if you don’t know what you’ve got, you’re not going to be able to protect it. This insight will help to provide teams with a clear understanding of user accounts’ and devices’ normal behaviors, enabling them to spot anomalies more easily when they happen – and they will. Not to mention, distributed workforces and a work-from-anywhere culture has meant less visibility, less control, and less understanding of what covid-world and beyond ‘normal’ user behavior is.
I don’t think we’ve seen the whole brunt of the shift to remote work yet. The combination of dispersed workforces and more employees using personal devices for work will continue to open up the potential for an influx of Bring Your Own Device (BYOD) security risks, meaning growing attack surfaces and increased vulnerability to security threats.
Though it may feel like we are against all odds, it’s important to not be discouraged, downtool, or divest our security teams. Companies must continue to tackle modern threats head on, replacing outdated security tools to ensure security teams are prepared and have the ability to understand exactly what’s going on inside their changing IT environment.”
Samantha Andrews, director of account based marketing at Exabeam:
“It’s apparent that many company boards are still not prepared for cybersecurity, and are not making the connection between the pervasiveness of cyber threats and their vulnerabilities. All too often, cyber is taking a backseat behind regulatory and reputational risks.
The last 18 months have been eye-opening for everyone – we’ve seen the biggest shift in working patterns since the Industrial Revolution, it’s been a catalyst for change across numerous industries, and called for people to reflect and rethink their priorities. We also saw exponential growth in cyberattacks where threat actors took advantage of the disruption. As a number of prolific data breaches have hit headlines this year, you’d hope it serves as a reminder to boards and C-level executives to take cybersecurity more seriously. Cybersecurity needs to begin in the C-suite.
C-suite executives are among the top targets for attackers and because of their growing exposure to cyber attacks, they need to ensure that they are not the weak link in the cybersecurity chain. I hope that this coming year will be the one where cybersecurity becomes a fixed board agenda item. It’s time to adjust thinking to discuss risks, review contingency plans, and shake off the false sense of ‘it won’t happen to us’ confidence – because cyberattacks are inevitable. It’s not a question of ‘if’ and more a question of ‘when’ you’ll be a target, if you haven’t been already.
2021 proved what we already knew… that nothing is off-limits. We’ve experienced monumental change and the C-suite must now make fundamental changes too, bolstering cyber-crisis preparedness in the fight against ever-changing, ever-evolving cyber threats. Next year will be a huge opportunity for everyone.”
Danny Lopez, CEO, Glasswall
“Before we take a look at what organisations will be facing in 2022, it is important for security professionals to reflect on what has worked for adversaries in the past year. During 2021, a cyberattack occurred every 39 seconds. The world experienced a ransomware explosion, which will likely continue its upward trajectory in 2022. Strict sanctions on countries like Russia and China also increased tensions and led to several large-scale cyberattacks being attributed to the two nation states.
Due to their successes, adversaries are going to get craftier in their practices in 2022. The attackers will use a more personalised approach and aim to blend into the network to look like an insider. Cybercriminals will target more customer success centers to increase the chances of a big cash payout. Ransomware crime organisations may ask for less and allow for payment flexibility, so they can receive steady income over say 12 to 18 months.
Tension in the South China Sea is also going to have a lot of influence in the threat landscape. A large number of warships on both the Chinese and American side are currently residing in a very small geopolitical zone. History shows when those things happen there tends to be an event that triggers an avalanche. Cyber is the newest warfare tactic, and a small spark could launch flames that engulf a large number of countries into a full-on cyber conflict threatening the global supply chain.
We need to learn from our mistakes, and stay vigilant, in order to bolster cybersecurity defenses. It’s impossible to look into a crystal ball and predict the future, but we have the past to learn from in order to move forward to a more secure future.”
Danny Lopez, CEO, Glasswall
“With each new year, it’s important for executives and board members to view their cybersecurity measures with fresh eyes. Hackers will never rest when it comes to finding new angles to break into organisations’ critical systems. Once one problem is patched, they will just continue to poke and find new openings that will enable them to steal data or move laterally across the network. One way, this is expected to escalate over the next year is through the insurgence of bad actors and insider threats. According to IBM, 60% of organisations have more than 20 incidents of insider attacks a year and the cost related to these incidents was over $2.7 million. This means not only do companies need to be aware of exterior threats, but aware of internal vulnerabilities by implementing a zero trust approach.
With all these things to consider in a board environment, the conversations need to be constructive and centered around a proactive approach. Not only do leaders need to be aware of the massive risk that isn’t going away, but ensure that a zero trust approach is in place. No organisation, large or small, is exempt from the risk of cyberattacks. Remaining vigilant will empower companies as they move forward.”
Danny Lopez, CEO, Glasswall
“If there is any topic the cybersecurity industry will continue to discuss in 2022, it’s the talent shortage. In the U.S., there are almost 500,000 jobs to be filled in this industry alone. What’s more troubling is that it’s not just organisations competing to secure talent anymore since ransomware-as-a-service (RaaS) has entered the market. Cybercriminal groups are heavily recruiting in tandem. In an attempt to respond to the skills shortage exacerbated by the ‘great resignation,’ commercial enterprises will find themselves also looking at the talent pool of former (and now reformed) hackers in an effort to improve their own cybersecurity systems and pad their teams.
The most easily achieved response to addressing the labour shortage today, beyond getting creative with hiring, is to ensure that organisations have the correct products to protect their systems and data and automate more menial tasks for their security analysts and leadership — so they can spend their time focusing on stopping digital adversaries. Overall, companies must be proactive in both their recruitment and building out their cybersecurity infrastructure.”
Steve Roberts, chief financial officer at Glasswall
“Many organisations are currently still figuring out what a hybrid working model means for them. Permanent office space and long term leases are likely to be a thing of the past and this will inevitably lead to a shift in budget allocation. My advice for businesses in 2022 is to ensure any budget that is no longer attributed to office leases is reallocated to effective collaboration tools, increasing security and employee wellbeing. Unused budget is not a net saving, so it should be applied elsewhere to ensure that the new hybrid working model is secure and healthy.
Companies implementing a hybrid working model should ensure both their office infrastructure and remote working environments are secure. Remote working can result in security vulnerabilities, particularly if employees are using their own devices to connect to corporate systems. Budget should be reallocated to invest in security solutions that will close these gaps and keep systems and data secure.
With the uncertainties around long-term working models, most organisations don’t want to be tied into long-term contracts. Technology providers will need to rethink and evolve how they are selling their products. Offering short-term contracts for SaaS solutions that can be deployed solely in the cloud or as a hybrid solution will enable businesses to better support their customers. Organisations aren’t going to transition to the cloud overnight, so technology solutions need to be able to protect them in every environment.”
Paul Farrington, chief product officer at Glasswall
“We’re constantly seeing cybercriminals changing their methods, and this will continue in 2022. Not only do we anticipate the use of automation to create scale – for example in DDoS attacks and the communication of malware – but we’re seeing machine learning (ML) being used to make attacks more effective. It’s one thing for a human attacker to analyse email characteristics to work out what entices a reader to click on a malicious link – applying ML to this adds a completely new dimension. In doing so, attackers have an almost infinite ability to tweak variables and ultimately secure a better payoff for their efforts.
This kind of analysis – where ML is used to make small changes to malware properties, for example in a PDF or a Word document – needs to be stopped in its tracks. Organisations need to seriously consider whether this type of malware will evade detection from their anti-virus tools. If the answer’s yes, the problem needs to be looked at in a new way.
Polymorphic malware has been around for a decade – metamorphic malware, on the other hand, is a more recent phenomenon. It’s taking time for organisations to build up strategies to combat it. I predict that this form of malware will take off over the next few years, as cybercriminals increasingly leverage ML to make malware more personalised, and thereby easier to evade detection.
At the extreme end, this will see every piece of malware become novel or unique. This makes it far more likely it will be able to slip through an unknown gap in the defenses. Delivered at scale, this has the potential to become a significant problem for organisations that are not taking a proactive approach to file sanitisation.”
Paul Farrington, chief product officer at Glasswall
“Cyber is now the weapon of choice for nation-state attacks and we can expect to see even more evidence of this in 2022. This means new cyber-focused legislation is, and will continue to be, a priority amongst governments, as reflected in Biden’s Executive Order.
The positive side to this is that cybersecurity will continue to be spoken about more widely and openly among private sector organisations. At a high-level, businesses will need to take notice of the changing legislative landscape and adopt a compliance-first mindset, irrespective of whether cybersecurity is currently a priority focus for them. For those selling into the government, security will continue to be a competitive advantage, but this will increasingly become a buying criteria more broadly. The value of security will continue to grow, and will no longer be just about functionality.
In 2022, countries that are yet to adopt or improve cyber legislation to protect government and critical infrastructure will likely do so. We’ll also see countries becoming more granular with this by legislating around software development and data protection. Governments will start by focusing on critical national infrastructure, for example utilities, before moving on to any entity playing a pivotal role in keeping the country moving and the economy growing, such as financial services. By setting out legislation on how companies handle data and interact with the outside world, common standards around security can be developed that will help keep both organisations and customer data safe.”
Steve Cochran, CTO, ConnectWise
Infosec will dominate our lives in the tech space for the foreseeable future. Companies may think they’re protected, however, many of them are using slingshots to protect themselves while the bad guys have tanks, bombs, and machine guns. We have a long way to go as a technology-driven society in terms of cybersecurity. Getting ourselves to the point where we aren’t at risk of a serious attack will be our focus for the next two to three years. On the less serious side, tools that allow us to better engage in the new hybrid working model will become more prevalent. Solutions will be developed that will allow us to work in a more meaningful way during this new era. Tools that let us set up conferences, arrange food deliveries, and show who is in and out of the office will take center-stage now that the majority of companies have introduced hybrid working models.
Danny Lopez, CEO, Glasswall
“With a 62% year-over-year increase of ransomware complaints, the demand for cybersecurity will continue to escalate. We expect to see more investors turn their attention to the market — and invest in cybersecurity organisations addressing today’s most prevalent threats like file-based malware, critical infrastructure vulnerabilities and ransomware-as-a-service (RaaS)– rather than those from 10-15 years ago that today’s public cyber companies were founded to protect. Since there is ample capital available for private companies, M&A deal flow is likely to increase in 2022.”
Avi Raichel, COO, Zerto, a Hewlett Packard Enterprise company
“It shouldn’t be news to anyone that ransomware is the cybersecurity challenge of the moment. It’s here and affecting everyone. As we head into a new year, it’s important everyone gains a clear understanding of how attackers are evolving and how best to strategically protect organizations from attacks and the impact they have on business.
Attackers are getting smarter, and the payouts are getting larger and more widespread—two alarming trends. If you dissect the anatomy of recent attacks, you’ll see that cybercriminals are targeting companies that can be the most hurt, are the most defenseless, or are the most likely to pay out large sums of money. So, if you are a CEO or CIO of an organization, it’s irresponsible at this point not to have a proven ransomware response plan. Any organization can fit the target characteristics for today’s cybercriminals, and it’s become simply a matter of time until your organization’s number is up.
The ability to recover should be a focal point of any security plan. This will be defined by how quickly you can stand up your systems and get them running again. However, in our accelerated digital age largely brought on by COVID, too much can happen overnight or in three to five days for the traditional back up model to be good enough. Recovery solutions need to modernize to fit what the world has become. They need to be continuous and able to keep applications running 24/7 even in the face of disruption or threat. Ultimately protecting all of your data all of the time.
Data protection that meets the demands of the moment can’t just be an item on a checklist in 2022. It’s a must-have that is a critical investment for every organization. What started with simple encryptions that could be downloaded from a Google search and then executed as a simple ransomware attack is now targeting the most high-profile, sophisticated, and relied upon organizations in the world. Unfortunately, the danger will continue to grow but it’s on us to ensure that our resistance to it stays a step or two ahead.”
Andy Fernandez, senior manager, product marketing, Zerto, a Hewlett Packard Enterprise company
“It shouldn’t be a surprise to say that in 2022 we’re going to see a continued increase in the severity
and volume of ransomware attacks. In response, we will see a growth in the ransomware-as-a-service market, which is able to propagate new versions and new methods in a much faster way than before. Whether you are a small business or large enterprise, at some point you will be targeted by a ransomware attack that will try to get into your system and encrypt your critical data. We will continue to see an increase in state-backed criminal syndicates that carry out much more tailored and aggressive campaigns.
In 2022, ransomware attacks will continue to evolve and target critical data anywhere. These attacks will not be solely focused on VM data anymore; SaaS and containerized applications will more frequently be in the crosshairs for cybercriminals. We will continue to see container-specific malware attacks focused on data exfiltration, crypto jacking, and encryption.
This coming year and the following will be very dangerous because companies are not mature enough in their approach to protecting containerized and SaaS applications. Many organizations are still trying to figure out where that data lives, and they assume that the vendor—Kubernetes or OpenShift for example—is responsible for protecting their data. Unlike virtualized environments that have disaster recovery built-in, the reality is that those open-source vendors are limited in that
capacity, and enterprises can’t always assume their SaaS and containerized data is protected.
Therefore, every organization in 2022 needs a data protection plan in place that covers all data—no matter where it lives.”
Ziv Kedem, co-founder and VP/GM, Zerto, a Hewlett Packard Enterprise company
“Disaster-recovery-as-a-service (DRaaS) will become a key necessity for many organizations and its adoption will skyrocket. The rise in volume and severity of ransomware attacks and growing threats due to climate change, combined with the financial impact of downtime are driving organizations to take disaster recovery seriously.
Most organizations are looking to offload capital expenditures and only pay for what they use. DRaaS, managed or unmanaged, allows companies to eliminate the costs and administrative overhead of managing and maintaining their own purchased secondary sites. Why refresh hardware every couple of years? Why allocate time, resources, and labor to something that doesn’t drive revenue? DRaaS brings organizations a rapid, efficient way to reduce costs and only pay for the applications that need protection.
Apart from capital investments, many organizations do not have the time and administrative overhead required to stand up a secondary data center. DRaaS brings the fastest approach to protect critical workloads.”
Amit Shaked, CEO & co-founder, Laminar
“When the pandemic first started, many organizations went into emergency infrastructure planning mode and shifted immediately to the cloud in order to continue business operations. As the dust continues to settle and enterprises have adjusted to our new normal, it has become very clear that organizations now have another enemy to face: data protection in the public cloud.
Cloud transformation has overall been great for business, but has not come without its downsides — one of the top ones being that data protection has not kept pace with data democratization. A 2021 IDC survey reported that 98% of companies experienced at least one cloud data breach in the last year and a half. The solutions data protection individuals are using haven’t adjusted to this new public cloud environment, which makes work much more challenging than ever before. On top of that, most data protection teams are blind to what sensitive data they have in the public cloud.
In 2022, it is going to become crucial that organizations use solutions that provide visibility, context, accountability and alert data protection teams to data leaks in order to halt adversaries in their tracks. The solution should be able to continuously and automatically discover and classify data for complete visibility, secure and control said data to improve data risk posture, and detect data leaks and remediate them without interrupting data flow. These simple approaches can go a long way in preventing devastating breaches in 2022 and beyond.”
Oran Avraham, co-founder & CTO, Laminar
“In 2022, data is going to be the most valuable currency around the world. As a result, the data breach culture we have seen emerge over the past few years is going to continue to permeate if we do not take a moment to reflect on the causes of attacks in the last year.
It is imperative to understand where these attacks are originating from in order to discontinue the cycle of data abuse. If one were to examine some of today’s biggest data breaches, a pattern will immediately emerge — the majority by far originated from public cloud infrastructure.
So what should organizations be looking for to protect public cloud environments? First, the solutions must be cloud-native. Second, data protection teams are almost blind when it comes to data residing in the cloud. Therefore, the solution must start by integrating with the public cloud itself in a modern, agentless way. It must be able to identify where and which types of data reside there. This way organizations can focus on protecting what matters most. Finally, the solution must not impact performance.
It is my hope that organizations will take a moment to reflect on the importance of public cloud data protection in order to change the data breach narrative in 2022 and beyond.”
