Do you remember that in the 1990s, commercial insurance, which was a new industry, blossomed all over the country, as if overnight your classmates, colleagues, relatives, and friends around you had become an insurance salesman. You who are still very ignorant of life insurance, when faced with insurance salesmen who play the emotional card, you are often told that insurance types such as "personal accident insurance" are "investment projects" that can "guarantee capital and rebates".
With the deepening of people's understanding of insurance, this wrong concept has also changed. Nowadays, we all know that insurance is not an investment, but a means of protection made in advance for unknown accidents and risks.
In a recent interview, Fan Wei, founder/CEO of enterprise network D1net, Xinzhongzhi and secretary general of the China Enterprise Digital Alliance, put forward a rather innovative point of view, he said: "The investment of enterprises in data security protection is like the purchase of personal accident insurance by individuals, this investment is not for return, but also must be done." Just as no one wants to buy accident insurance to be able to cash out and out of the insurance quickly, enterprises do not want the investment in data security protection to see the effect immediately, but if they do not invest, the loss faced by enterprises is very heavy. ”
Does enterprise data need an "accident insurance"?
Data from the SonicWall 2022 report shows that ransomware has surged by 232% since 2019, an increase of nearly 319 million times over the 2020 figure. In 2021, enterprise IT teams faced triple-digit growth (105%) of ransomware attacks, with more than 623 million. In addition to a 1,885 percent increase in attacks against government targets, healthcare (755 percent), education (152 percent), and retail (21 percent) also experienced a surge in ransomware threats.
Li Yan, Director of Data Protection Technology for Greater China at Dell Technologies Group, told reporters: "With the development of emerging technologies such as artificial intelligence and edge computing, the increasing popularity of cloud technology, the problems faced by enterprises in data protection have become more complex, and data risks are everywhere. In particular, it is important to note that cyberattacks have now taken a turn. ”
Looking at another set of data, if a national infrastructure type of enterprise is affected by an attack, it will directly affect the digital world to the physical world. In May 2021, the attack on Coroneil, the U.S. pipeline operator of refined oil products, led to the declaration of a state of emergency in the United States, and its impact shifted from the digital world to the physical world.
Li Yan emphasized: "In the past, cyber attacks mainly targeted systems, hackers take pleasure in destroying the company's IT systems, at most through control to mine or use your computing power to make DDoS attacks." These actions are not specific to the data assets of the enterprise organization. Since 2015, the winds of cyberattacks have shifted. Attack systems are no longer mainstream and are starting to turn to attack data, a phenomenon that will explode in 2020. Hackers target data to encrypt data, bringing production to a standstill for businesses. This is an important change. ”
Data from Xinfu shows that China will also become the hardest hit area of extortion attacks, and extortion attacks are not only aimed at large enterprises, data show that nearly half of the entire ransomware attacks are small and medium-sized enterprises.
It can be said that under the blackmail attack of hackers, no business is absolutely safe.
What strategies are needed to invest in data security?
So, in the face of changes in cyber attacks, especially the targeting of enterprise data by ransomware attacks, what kind of data security protection strategies do enterprises need? Li Yan was deeply touched by this.
Li Yan pointed out that enterprises need to pay attention to rationality and balance when building data security protection, and when strengthening modern security, it is mainly reflected in three aspects: effectively protecting data and systems, enhancing network resiliency and overcoming security complexity.
First, effectively protect data and systems.
That is, in today's complex cybersecurity environment, enterprises must protect both systems and data. Therefore, the choice of suppliers will become extremely critical, in the business requirements scenario may require multiple vendors to complete, but not too many.
Second, enhance network resiliency.
Network resiliency is not a technology but a capability, but a strategy, and even a result. Cybersecurity is for threats, so cyber resiliency is for business. Network resiliency adds a "robust network recovery strategy" that protects backup systems from breaches. This allows enterprises to quickly recover critical business, applications, and operations after being attacked, achieving network resiliency.
Third, overcome the complexity of security.
Businesses need to deal with the simplicity and automation of data protection solutions.
Li Yan pointed out that in the past, ensuring network security was mainly defense, and defense was not the ultimate means to solve all security problems. A multi-layered cyber resiliency measure must be implemented to achieve the ultimate goal of protecting corporate data. This is actually the pursuit of rationality and balance.
Who will provide this protection of corporate data?
Based on the above security protection concept, Dell Technologies has long insisted on doing a good job in data protection and recovery. Combining system protection and data protection into one is actually moving from network security to network resilience. There is a shift from network security to network resiliency, and network resiliency is an important indicator of network resiliency.
Li Yan pointed out that in the face of increasingly powerful data security challenges, the most effective way is to do a good job of disaster recovery backup and put core data into a safe haven. Dell Technologies' data haven is a very complete set of solutions, and there is a very important job in the safe haven plan, the first is backup, the second is encryption, and the third is to put it in the safe haven. The requirements of the safe haven are: the first data can not be tampered with, the second is isolated from production, and finally there is a recovery platform, when the user suffers a cyber attack, it can recover the data back.
In addition, Dell Technologies partnered with D1net, the enterprise network, to collaborate with customer security experts, CXOs and data protection experts to write the "Facing Ransomware – Best Practices in China White Paper", which is open for download.
At the same time, Dell Technologies can help enterprises do free network resiliency assessment with its Cyber Resiliency Assessment Inspection Tool, and provide consulting services in combination with the assessment, and help enterprises interpret China's Digital Security Law and Cybersecurity Law and other domestic and foreign data security regulations and industry practices through the Cyber Recovery Seminar.
According to Li Yan, at present, with the help of Dell Technology, more than 1,200 customers have built more than 1,500 safe havens to protect the data security of enterprises.
epilogue
In the face of the reporter's interview, Li Yan asked a very interesting question: What is the hacker's favorite sport?
The answer is: fishing.
Hopefully, your enterprise data won't be the "fish" in the pun, so buy an "accident insurance" for your data.
(Computerworld Jiao Xu)
![Pushing the limits of sustainable PC design: Concept Luna[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)