Crisis

But as the following data from Rubrik telemetry and Wakefield Research shows, hybrid environments have also created unprecedented hazards:

IT leaders report challenges in securing data systemwide, say they lack visibility, and can't establish centralized control.

Ninety percent of survey respondents say they've been attacked. Almost one-fifth say they're getting attacked every other week. And those are the ones they know about.

Malicious actors know this, and they are exploiting hybrid cloud systems relentlessly.

Bad actors are changing their techniques, from malware to social engineering and identity-based strategies. Identity attacks may now account for three-quarters of all attacks.

Attacks are coming over at least 10 vectors, far more than in the past.

The reason? It works. Successful attacks are on the rise, and time from entry to command and control of sensitive data is dropping fast.

As a result,

86%

of companies surveyed facing extortion demands report paying a ransom.

Nearly three-quarters say attackers were able to reach and hurt their data.

It doesn't have to be like this.

Companies must

by thinking like them:

Threat actors want to find and control the most valuable data, so they can stop operations. If they can do it, companies can too.

It begins with a focus on regaining control, through system awareness, then a plan of protection, defense, and recovery that prioritizes sensitive data and continuous operations.

Sensitive data can be located and classified in categories such as personal information, financial details, and technical capabilities. This identifies targets before treat actors get there, asserting knowledge and control in the cloud.

A process of continuous backup and restoration should become part of the security process, as rigorously in the cloud as on premises.

Continue to next chapter