Protecting digital trust from erosion

By Mark Molyneux, EMEA CTO at Cohesity.

  • Monday, 16th October 2023 Posted 1 year ago in by Phil Alsop

Every successful IT attack against companies makes consumers doubt whether they want to continue using their data and these services. But data is essential so that companies can digitise their business and develop towards a data economy. Company leaders should rethink and accept that attacks against their IT will be successful. So, what follows from this?

The child is crying in their room because the flight that was supposed to bring a parent home in time for their birthday has been cancelled. The airport is locked because the ticketing systems are infected with ransomware. Your most important gift, wisely ordered weeks ago, is still on the way. Unfortunately, not a single ship from the logistics company has been able to leave the ports in Asia for weeks. 

All of these attacks happened last year and have been repeated dozens of times in modified form over the past few months. Attacks on the Stade drinking water association, against the health insurance company Barma, the Medical Service (MD) Lower Saxony and Bremen, to name just the most recent incidents. Germany ranks fourth internationally for registered ransomware attacks between July 2022 and June 2023: the security researchers at Malwarebytes counted 124 such cyber attacks in Germany during the period.

The consequences of such attacks directly affect the lives of every citizen and result in two outcomes: Every citizen understands how many IT-based services they now use - and how much they depend on them. And with every successful attack, a part of the trust that is placed in service providers and their digitised offers is eroded. Anyone who was personally affected by these failures, data losses or other cyber threats will think twice about using new digital offers.

Conversely, companies will be able to generate more sales if their customers trust their digital offers. This is the conclusion of a McKinsey study of 1,300 business leaders and 3,000 consumers. It shows that companies that are best placed to build digital trust are also more likely than others to achieve annual growth rates of at least 10 percent in their sales and profits.

Other analyses, such as those by IDC also clearly show that companies want to act more and more in a data-driven manner. You want to implement an internal data culture and participate in data management. Sharing data, creating added value for customers and partners and ultimately making more profit. But everything depends on whether customers are willing to share their data and take advantage of corresponding offers.

Key to the data economy

But consumers have become more sceptical. They are increasingly interested in how companies handle their data. And they assess how companies handle disasters in which data is lost and services are down for a considerable period of time.

The decisive factor here is how transparent and good companies are at explaining to customers exactly what is happening with their data and how. They define a value system and want to know how companies protect their data, how they effectively achieve cyber security and what they plan to do with third parties, especially in the area of AI and data sharing. If one of these sensitive values is violated, trust suffers and customers are reluctant to share data. However, a data economy is absolutely dependent on this data.

Companies rate their ability to stop cyber attacks in time and protect customer data quite positively, as the McKinsey study also shows. Dozens, if not hundreds, of successful attacks on companies worldwide prove every day that there must be a serious gap between self-assessment and real-world capabilities. A loophole through which cyber saboteurs infiltrate, encrypt or steal customer data, thereby challenging the data economy as an idea.

And this gap is getting bigger and deeper because companies are digitising their processes more, trying out more complex services and new approaches like the Internet of Things. These new architectures generate more data in more places. Which challenges the IT teams even more.

Strengthen resistance

Previous concepts that build additional and higher security walls around data and systems no longer do justice to this new world. Because even the highest wall becomes permeable when employees click on the wrong things, software products have hundreds of vulnerabilities, and remote working has stretched the entire security architecture. Networks, although they are shielded by thousands of individual tools in large companies, have become much more permeable to hackers.

Company leaders should start with the premise that attacks against their company will be successful. This automatically leads to how the consequences of this slump could be contained as quickly as possible. Because, firstly, the most important data should continue to be protected if someone breaks in internally. And secondly, the most important services should continue to function even if a cyber attack starts to rage internally. This is real cyber resilience, and forces companies to modernise their important data management and data security areas in IT.

Such clever new concepts shield the data with strong encryption, strict access controls, isolated data vaults and immutable storage so that saboteurs cannot access it. Even if they have been spying on the victim network for weeks, which is what happens in large professional attacks.

Modern tools help IT and security teams quickly and, most importantly, cleanly recover data and critical services at scale in hours or days. This is where the wheat is separated from the chaff, because old concepts do not examine the data copies and, in an emergency, reconstruct all the data again or the back doors and attack artefacts of the saboteurs, enabling them to break in again within minutes through the same, kindly reconstructed back door. Modern tools, on the other hand, help security teams quickly find and eliminate these artefacts and traces of attacks so that the recovered data is safe.

This makes companies resilient because they quickly contain the consequences of successful attacks and keep their core services available. Their customers' data remains intact and the services remain available, thereby maintaining the digital trust of their own customers.