Building effective Cyber resilience strategy benefits everyone, from internal stakeholders to regulatory bodies to consumers. Working collaboratively in shared interest and sharing knowledge and approaches not only benefits one industry’s resilience, but can be used to inform strategies across the wider digital landscape.
The third episode of our second series explores how Sheltered Harbor represents a coming together of cross-industry organizations and expertise – even competitors – united under the common goal of increasing Cyber resilience for all parties. We examine how this concept can be rolled out across other industries on a global scale for the benefit of organizations and consumers alike.
In this episode of “Need to Know” host Liz Green, EMEA Advisory & Cyber Lead at Dell Technologies, is joined by Carlos Recalde, CEO of Sheltered Harbor.
Listen In To Learn
- The importance of collaborations and cross-industry partnerships in staying ahead of Cyber threats
- Why companies working together – even competitors – and sharing information and expertise is vital in building Resilience
- What diverse sectors like critical infrastructure and healthcare can learn from the financial sector when it comes to Cyber security
Answering the most important question – ‘what if?’
Ensuring strong Cyber resilience relies on organizations taking stock of their current preparedness and security levels and their action plan, and interrogating them using the question ‘what if’? Understanding the potential ‘worst case scenario’ in the event of a successful Cyber or Ransomware attack for your organization, even if that outcome seems unlikely given your current preparedness and provisioning, is vital in ensuring you can recover effectively.
As threats and breach risks expand into areas like critical infrastructure and healthcare, organizations in these areas need to not only ask ‘what if’, but to ‘look over the fence’ at how other industries are handling and mitigating risk and see how best practices can be applied in their own sectors.
Now common practice within the financial sector is to have critical data kept separate from main, day-to-day infrastructure in a secure separate location – known as a ‘data vault’- which will need to be quickly accessible in the event of a breach. This data then allows organizations to react and recover quickly and ensure the continuation of vital services and prevent a complete shutdown or lengthy recovery period. The longer it takes a business to recover, the more damage is done to their infrastructure, profits and reputation.
Effective resilience planning, including data vaulting, is integral to avoiding that worst case scenario – and be ready for the ‘what ifs’.
Hindsight – One of the best teachers
“Just protecting your data is not good enough – you have to have a plan to use that protected data”. – Carlos Recalde
While foresight and anticipating risk is a vital part of building effective resilience, looking backward and learning from history can be equally important. In recent years we have seen an increase in runs on banks and major financial institutions – runs that test their resilience provision and strategy.
The last major financial crisis in 2008 resulted in tighter regulation as institutions put legislation in place to implement safeguards for the future. This resulted in fewer bank runs and a relative period of calm up until 2019, until the rise of Ransomware as a consistent threat to organizations of all sizes around 2019.
Companies are now asking questions of their strategies and preparedness when it comes to Ransomware and other Cyber threats. While Data Vaulting has become a go-to solution to protect against sensitive data loss, knowing what to do with that data to ensure fast recovery is a growing concern. The focus is gradually shifting towards mitigating damage to infrastructure, which requires more work, and consider the speed of response and recovery. In the ‘always online’ world, organizations need to ask themselves if a 24 hour response time is fast enough.
Proof of Concept
“You decide what you think is critical data”. – Carlos Recalde
The concepts that Sheltered Harbor have been working on have their foundations in supporting the US financial sector, and though their primary mission has not changed, they are working towards helping that concept cross boundaries – both geographical and industrial.
The protections and practices developed to support financial organizations, including Data Vaulting, are being broadened out into other sectors. Organizations are using data vaulting to protect not just critical data as it is widely defined, but the data they define as critical to their operations, recovery and resiliency.
Increasingly, organizations from outside the financial sector that are undertaking Data Vaulting processes to secure their critical data are seeking for their approaches to be certified and recognized. This certification is not just about having their efforts recognized, but also to outwardly communicate that they have undertaken stringent data protection measures to increase stakeholder, regulatory body and consumer confidence. As these concepts continue to expand outside of the financial sector, and across global markets and industries, we will naturally see an increase in the demand for recognition and certification.
———
At Dell Technologies, our objective is to provide a deep and broad portfolio of products, delivering specialist solutions for our clients, and partners enabling these solutions. To find out more about our range of cyber resilience solutions and how these can help inform your security strategy, click here.
You can listen to all episodes of “Need to Know” podcast, including this conversation on building Cyber resilience through collaboration and Data vaulting here.
