A Good Security Strategy Against Ransomware is at the Heart of Digital Transformation


Written by: Mohamad Rizk, Senior Director, Technical Sales – Middle East, Russia & CIS at Veeam Software

Digital transformation is seen as a big investment but is becoming a prerequisite for survival in the current and future landscape. Businesses are now more reliant on digital infrastructure than ever – with many organizations completely dependent on their IT systems and the data being generated, which is their IP. With data being viewed as the “new currency” today, it is vital to protect its integrity. A Modern Data Protection solution ensuring the backup, recovery, and management of critical data is essential.


The Veeam Ransomware Trends Report 2022 reveals how vulnerable businesses are when it comes to ransomware defense. 72% of organizations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom. Cybercriminals are successfully encrypting an average of 47% of production data and victims are only able to recover 69% of impacted data! 76% of organizations also admit to paying ransomware criminals.

Security Weaknesses

Although organizations in the Middle East, in general, spend a lot on security technologies, there is a huge gap when it comes to planning and executing a security strategy. This mainly boils down to the complexity of the IT environment. The region is risk-averse when it comes to adopting cloud technologies and there are still a lot of legacy systems. Protecting these complicated environments is a big challenge and becomes even more so in the transition phase of moving to the cloud.

Pillars of a Robust Security Strategy

Regional CISOs need to have a stringent security plan in place which includes important elements like stress testing of IT Systems, backup, a disaster recovery plan, and educating employees:

Stress Testing of IT Systems

If stress testing of data, people, and processes is not done at regular intervals, ideally once a month, then the business is being put at significant risk. There are a few reasons for the lack of testing. One is that organizations do not have the correct software and processes in place. The second, as mentioned earlier, is that organizations still have legacy disparate systems, which increases the complexities of testing so many different parts. The fear of failure is what causes people not to stress test to the level that they should.

Backup – Immutability is key

Every admin should have a backup. This principle works for any virtual environment, regardless of the hypervisor you are running (VMware, Hyper-V, or whatever). One of the timeless rules that can effectively address any failure scenario is called the 3-2-1 backup rule. Veeam has upgraded this to the 3-2-1-1-0 rule. This upgraded rule gives incredible versatility by going the extra mile:

  • There should be 3 copies of data
  • On 2 different media
  • With 1 copy being off-site
  • With 1 copy being offline, air-gapped, or immutable
  • And, 0 errors with SureBackup recovery verification

Disaster Recovery

Enterprises produce huge volumes of employee, customer, and corporate data, of which they are the trusted custodians. Given the growing importance of personal data, organizations have a broader societal responsibility to ensure their systems are fully recoverable at all times. While IT departments have a crucial role to play here, business leaders also need to truly buy in to the importance of Disaster Recovery (DR). A good DR strategy should encompass a documented process that has been tested. DR testing needs to be stringent – looking at every possible eventuality and preparing an appropriate response.

Employee Education

Without creating awareness and providing a deeper understanding of best practices through cyber literacy, any threat mitigation tool is rendered useless. It is imperative to educate employees and ensure they practice impeccable digital hygiene.

If organizations in the Middle East follow the above pillars of a sound security strategy, they will have taken care of a very important piece of the digital transformation puzzle.

