Debunking common myths about data protection
Data protection, once an afterthought, is now an everyday priority for businesses. Beyond regulations like Digital Personal Data Protection Act in India and similar regulations around the world, the average global cost of a data breach is US$4.45M. The financial consequences are even greater if production data is compromised – either due to a breach or internal error – resulting in downtime. Downtime can cost businesses over US$1 million per hour, sometimes reaching as much as US$5 million per hour.
Data from a recent research by the DSCI (Data Security Council of India) revealed over 369.01 million security incidents were detected across 8.44 million endpoints. This also means that, on average, 702 potential security threats are detected every minute. However, several common myths are leaving businesses unprepared for cyber breach incidents. Ahead of 2025, here are the three top data protection misconceptions that businesses need to be aware of.
Cloud providers back up your data
Due to the rise in cloud security breaches and the popularity of cloud storage solutions, cloud security measures have become increasingly important. We have seen cloud security become a more prominent concern for businesses compared to on-premises security. While this does not mean one platform is more secure than the other, it highlights a shift in power or data within modern organizations.
Despite an improved understanding of shared responsibility on the cloud, there is still room for enhanced clarity. As India works towards becoming a $1 trillion digital economy by 2026, cloud computing can play a key role in driving technological growth, resilience, and inclusivity.
Unlike the traditional analogy which equates on-premises to cooking at home and the cloud to dining out, we need to understand the latter as hiring a fully equipped kitchen. While the equipment is likely reliable and safe, the cook still needs to implement safety precautions to cook safely.
The cloud provider offers the tools and capabilities, empowering customers to configure and manage their backups to meet specific requirements. However, the customer also needs to take accountability for the security of the data stored on the platform. For those seeking to delegate these responsibilities, options such as Backup-as-a-Service (BaaS) and Platform-as-a-Service (PaaS) offer valuable resources for support, available upon choice.
How paying ransoms works
India, a key player in the global digital economy, is actively enhancing its defences against the ransomware threats. Cert-In reported a 53% rise in ransomware incidents in 2022, particularly affecting IT services, finance, manufacturing, and critical infrastructure, disrupting essential services for ransom. The trend has stayed same in the subsequent years as well.
While recovering from ransomware is a challenge of modern business, an increasing number of organizations are finding effective strategies to avoid paying demands and strengthening their cybersecurity measures. Veeam’s global survey of ransomware victims found that 81% of organizations paid the ransom while only 54% were able to recover their data and 27% could still not recover their data.
Many people outside of security or IT fields may not fully understand the ransomware recovery process. After transferring funds in Bitcoin, there is often a delay before receiving decryption keys, which might never arrive. Even when keys are eventually provided, a quarter of victims still struggle to recover their data. However, awareness of these challenges is growing, leading more organizations to invest in preventive measures and improve their cybersecurity strategies.
The misconception isn't that paying ransoms is risk-free, but rather that it takes much longer than businesses expect to recover. Decryption is a manual process, with keys often unlocking only a few files at a time. Despite this, awareness is increasing, and many organizations are using this knowledge to strengthen their resilience and improve their cybersecurity strategies.
Using backups after a ransomware incident
Ransomware resilience experts have been successfully advocating for organizations to focus on data backup and system recovery as safer and more reliable alternatives to paying ransoms. Today, organizations are increasingly prioritizing data backup, spurred by regulations like the EU’s NIS2. This focus is encouraging as it equips them with a crucial tool to recover from incidents like ransomware attacks, fostering a stronger and more resilient cyber environment.
To ensure robust data protection and resilience, adaptation to emerging threats and technologies is essential. Continuous education for both specialists and broader stakeholders, including senior leadership, finance, and compliance, is crucial. By staying informed and proactive, organizations can effectively meet their data protection needs and enhance their ability to respond swiftly to challenges.
Sandeep Bhambure
Sandeep Bhambure is Vice President and Managing Director, India & SAARC at Veeam Software.
Next Article