In the new digital era, where data is growing at an unprecedented rate by the second and where organizations are quickly becoming data-first, one thing has become crystal clear – that the ‘Good Enough’ approach by businesses, across the globe & India, is no more acceptable when it comes to safeguarding the most precious capital i.e. data from an external intrusion. Ever since businesses have become increasingly dependent on their data to fuel innovation, drive new revenue streams etc., IT decision-makers have not just been evaluating their current data protection preparedness but have also been ramping up their investments in this regard.

However, over the past few months, since organizations have been fixated on quickly transitioning towards remote working, they might have missed focusing on the threats that come along with this work culture. As a result, we have been witnessing a steady uptick in the instances of cyber-attacks. For example, as per a recent report, India itself witnessed a 37% increase in cyberattacks in first quarter of the year 2020 when compared to the last quarter of 2019[1]. Another report claimed that data of over 21,000 Indian students, including their Aadhaar cards, photos etc. have been put on sale on dark web[2].

Thus, given the rising data security concerns and incidents, CTOs need to look for a holistic approach towards data protection and management. Now, they need to be cognizant about how to respond, recover and learn in case a cyber-intrusion occurs. Thus, below are the few tips for CTOs that will help them redefine their data protection strategy:

·       Drift away from security to resilience: With the evolving nature of cyber-attacks, it’s time for businesses to stop reacting and start anticipating. Loss of critical data has the power to not just cripple a business in no time but also damage its reputation for long term. Hence, instead of relying on traditional methods of data security i.e. identify, protect, detect, respond and then recover, organizations must imbibe the state of the art resilience strategies i.e. learn, respond, monitor and anticipate.

·       Adopt a security strategy ingrained in product mindset: Businesses must not only think about making security intrinsic to technology infrastructure, but also aim at enabling security professionals intrinsic to future product development. They need to transform into a data first and product first mindset organization in order to be able to remain competitive in the future. Thus, instead of thinking of security as a prevention tool, the need of the hour is to incorporate it into the product design from the beginning that will make the architect systems and processes impenetrable.

·       Key to a winning strike is right digital partner: In the past, businesses have been using a hit and trial method w.r.t choosing their digital partner and this approach has brought in more vulnerability to their sensitive data assets. As per a report by Vanson Bourne[3], organizations in APJ, which were relying on more than one data protection solution provider were almost four times more vulnerable to a cyber-incident that prevents access to their data[4]. Hence, in order to combat the external threats, businesses must choose a single technology partner that delivers multi-platform security.

While it is critical to invest in the right technologies, it has also become utmost important for businesses to ramp up their education and awareness levels to stay abreast with the upcoming security threats. Therefore, to end the constant tussle between finding the right data protection architectures and keeping up with the modern security approaches, CTOs must focus on strategies that redefine their data protection ecosystems from time to time.