The National Grid chief has warned about potential blackouts impacting major data centres amid the energy crisis, stating that it’s possible the UK may face blackouts in January and February in 2023.
Many companies will have solid Disaster Recovery plans for their data centres, but random or even structured blackouts over a prolonged period will have a very different requirement for operational resiliency compared to a typical outage.
Best practice involves organisations moving copies of their critical data to an alternative location to create more resiliency against potential blackouts. Alongside other operational challenges, and set in the context of reduced IT budgets, organisations will have to quickly develop procedures to keep services running and secure. This will mean leveraging automation and orchestration to make those procedures efficient and effective.
The need to update legacy data protection technology in 2023
Updating legacy data protection technology must be a priority for IT and business decision makers in 2023. Cyber criminals are actively preying on outdated infrastructure as they know it cannot protect or recover data in today’s dispersed, multicloud environments.
Cohesity research found that half of UK respondents depend on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era or the type of sophisticated cyberattacks that now plague enterprises.
In 2023, possibly as an outcome of budgetary pressures, we expect to see IT and SecOps teams align to co-own cyber resilience outcomes, including infrastructure used for data identification, protection, detection, response, and recovery.
Security-only postures give way to data-centric impact reduction
Security-only postures of focusing on prevention and detection will change in 2023 as companies begin to see the limitations. Surprisingly, nowadays only an average of less than 10% of cyber budgets are being spent on impact mitigation. For CISOs, who rebalance their spending in protection and resiliency by increasing the budget for impact mitigation represents the best time-to-value and cheapest mechanism to increase their cyber resiliency.
Therefore, 2023 will see data-centric security models become more of a focus as recovery and resiliency tools offer the best time-to-value and cheapest mechanism for CISOs to move the cyber risk needle. This is because deploying yet another preventative or detective tool only moves the needle incrementally, but can still add complexity, headcount, friction, integration and a new attack surface.
A data-centric approach to impact reduction will mean organisations need to look at how they bring together the data from across compute and storage environments, which will mean organisations need to re-align IT and security teams, budgets and solutions in 2023.
Organisations will begin to turn away from ransomware insurance
Organisations are increasingly finding it more difficult and expensive to take out insurance to cover them in the event of a ransomware attack. Among the many consequences of the rising number of costly data breaches, ransomware, and other security attacks are pricier premiums for cyber security insurance.
In 2023, we expect to see more organisations turn away from ransomware warranties as it becomes too hard and expensive to secure and organisations discover that the payouts don’t cover their costs.
Cohesity’s legal team researched the leading warranties on the market, and came to this conclusion: “But you might be thinking, well, signing these warranties can’t do me any harm, right? Wrong. Warranties tie your hands, as signing them limits you to a sole and exclusive remedy with those vendors and sets them up to blame you for causing the problem through a multitude of escape clauses. At the end of the day, warranties like these are little more than thinly veiled limitations of liability benefiting the companies—rather than you, the customer.”
We expect these limitations to come to light in 2023 and we’ll start to see organisations focus their IT budgets on recovery instead of insurance.
