Why And How CIOs And CISOs Should Incorporate Storage Into

Eric Herzog is the Chief Marketing Officer at Infinidat.

The average number of days to identify and contain a data breach is 287, according to research (via SecureWorld) conducted by the Ponemon Institute. This means that chief information officers (CIOs) and chief information security officers (CISOs) are regularly caught unaware when a cyberattack—or a series of cyberattacks—has penetrated the enterprise and, whether it’s ransomware or malware, is working to wreak havoc with the company’s data.

It’s shocking to even think about the damage that can be inflicted in that time. Indeed, an enterprise’s data is held ransom, corrupted, copied, blocked and exposed—and they didn’t know what was happening as it was happening. These are the kind of attacks that can undermine a business and take out a company virtually overnight. No organization wants to be crippled by cyberattacks.

Some of the world’s largest enterprises have experienced attacks. Reports in the media have shone a spotlight on some high-profile cases. In one case, cybercriminals held a high-profile organization “hostage,” and the organization paid $40 million (paywall) to get its network “unransomed.”

So, why are so many organizations losing the battle against cyberattacks? As the chief marketing officer of a company that offers storage solutions, I believe the primary reason is that C-level executives are missing a key component of an overall corporate cybersecurity strategy. In fact, it’s glaringly missing at many companies, but CIOs and CISOs are just beginning to include this missing piece after ignoring it for years.

Why The Storage Estate Needs Attention

Firewalls, network security and edge protection are often the first things that leaders consider when they’re thinking about security. IT leaders are always looking at server and software infrastructure to see how they can combat cyberthreats, and that is clearly a critical cyberattack point. However, cybercriminals can sneak into the enterprise infrastructure. They may wait there, even for months, until they can cause the most damage.

I’ve seen cybercriminals targeting primary storage and secondary, backup or disaster recovery storage with greater sophistication. Cybercriminals can take advantage of the company’s enterprise storage systems and do it in deceptive and sneaky ways.

A big reason I’ve seen for this uncomfortable reality is that CIOs and CISOs usually overlook storage. It is extremely common for the C-suite to look beyond the storage estate of the enterprise or struggle to understand how storage relates to data security. This lack of mindfulness about storage has created the missing link and could expose many companies to cyberattacks.

It’s time for a comprehensive approach to overall corporate cybersecurity that not only includes firewalls, network security and edge protection but also expands the cybersecurity plan by adding enterprise storage infrastructure.

The Evolution Of Corporate Cybersecurity Strategy

For the good of their organizations, CIOs and CISOs should start including storage in their cybersecurity strategy. They should use an end-to-end approach. Changing the paradigm is important for protecting valuable corporate data assets.

Increasing an organization’s storage cyber resilience as a safeguard against cyberattacks is critical. Traditional data backup is no longer sufficient. By making storage a centerpiece of your security strategy, your lens to see the bigger picture will widen. The right data protection and storage cyber resilience can mean the difference between staying in business and going bankrupt. Cybersecurity and cyber resilience should align.

Where To Start

Your starting point should be focused on incorporating modern data protection into your enterprise infrastructure. But you’ll want to do your research to find out more about the what, why, when, where and how. The following are a few key things to keep in mind and questions to ask storage providers:

• Build cyber resilience into your IT infrastructure. Ask providers how much guaranteed availability they provide, as well as whether and how they can provide fully scaled data restoration for business continuity.

• Ask your IT solution provider—there are hundreds that serve the enterprise market—how to incorporate modern data protection and cyber resilience to enhance your end-to-end security strategy.

• Ask providers how they use automation to advance your storage estate. What protection do they provide against cyberattacks, including ransomware and malware, without you needing to intervene?

• Explore flexible consumption models for enhancing your storage capabilities to make cyber resilience as cost-effective as possible. For example, you could consider utilizing storage as a service.

Ultimately, companies can cut down the time they spend unaware of a data breach, and the recovery can be significantly faster—measured in minutes, instead of days, weeks or months. The future of business depends on storage becoming part of a comprehensive corporate cybersecurity strategy.


Forbes Communications Council is an invitation-only community for executives in successful public relations, media strategy, creative and advertising agencies. Do I qualify?