Introduction: data protection and the evolution of cybersecurity 

There was a time when data protection wasn’t actually that big of an issue. Computers were rarely connected to the outside world. They sat in glass-walled rooms where the worst threat to their data was someone breaking in to steal paper punch cards or wagon wheel-sized reels of magnetic tape. Things have changed. 

Data today is vulnerable to breach, exfiltration, destruction, and corruption. A loss of data or disruption in data availability can be harmful, if not catastrophic, to a business. Data is also subject to laws that penalize breakdowns in data security. The discipline of data protection was created to mitigate these risks. It runs the gamut from encryption to access controls, backups, data loss prevention (DLP), and strong passwords.  

The problem is that these countermeasures are no longer adequate in this new era of cyberthreats. Ransomware, while not the only threat vector, is arguably the most serious. According to the Verizon 2023 Data Breach Report, ransomware attacks were involved in 24% of all breaches. Ransomware now also often features second- and third-level threats to exfiltrate data, encrypt any exposed backups, or leak it publicly.  

With data protection methods increasingly insufficient to prevent today’s increasingly sophisticated attacks, security teams are starting to focus on cyber resilience strategies to help mitigate potential damage. The goal when building a cyber resilience plan is to return IT operations to normal after an outage or cyberattack as quickly as possible, combining prevention with preparation, response, and recovery.   

Understanding cyber resilience 

Cyber resilience is not a single solution. Rather, the term refers to a collection of practices, policies, and tools that allow an organization to be able to recover information systems and data as rapidly and completely as possible in the event of an outage or attack. 

An effective cyber resilience program has four core elements: 

• Prevention—The best resilience process may be the one you never use. Prevention keeps your organization resilient by avoiding as many disruptions as possible. This includes all the standard physical and data security measures in your typical data protection plan, plus comprehensive and ongoing cybersecurity awareness training for employees and partners.    Given the statistics, prevention may feel like an impossible task, but the easiest attack to bounce back from is the one that couldn’t penetrate your defenses in the first place.  

• Preparedness—The better you’re prepared, the more resilient you will be. Preparations for cyber resilience include acquiring and deploying the right tools for backup and recovery and devising and testing recovery plans. One best practice to consider is taking a risk-based approach that prioritizes the resiliency of the most valuable data.  

• Response—Resilience depends on effective incident response processes. This means planning for incident response, making sure that everyone knows what they are supposed to do, and testing relevant systems to ensure they operate as intended, e.g., restore data to a specified recovery point objective (RPO).   

• Recovery—The recovery process is essential for resilience. This, too, needs to be planned and tested. Recovery may involve restoring data from backup systems as well as rebuilding compromised systems. Alternatively, recovery might involve failing over to mirrored systems in the cloud that bring software and data back online so quickly that the outage may not be noticeable to users. 

While most data protection measures provide essential security, your cyber resilience strategy shines above all else as a well-coordinated, pressure-tested action plan aimed at maintaining business continuity. 

The necessity of cyber resilience 

Cyber resilience is becoming a “must have” capability considering the prevalence of serious cyber threats, as well as accidental outages like this year’s CrowdStrike episode.  Recent examples of breaches that bypassed data protections include the 2024 ransomware attack on Change Healthcare, which resulted in the theft of 4 TB of data and a $22 million fine, and the theft of data on 1.7 million people in an attack on Slim CD, a payment card processor. In the Slim CD case, an unauthorized user lurked in the company’s network for over a year before breaching the company’s data.   

While these companies had data protection countermeasures in place, attackers were still able to get around them. They had to remediate the breach, notify customers, deal with legal and public relations challenges. It’s expensive business to be the victim of a cyberattack, and money isn’t the only thing it can cost an organization. 

The role of cloud object storage in cyber resilience 

If you want to be resilient, you have to do more than just protect data from breach. You have to be agile enough to restore data quickly, and secure enough to render your data impervious to attack. To achieve these goals, the best approach is a combination of cloud object storage and cryptographically-driven immutability.  

Why cloud object storage? 

To be resilient, you must have the ability to back up and restore large amounts of diverse data at a rapid pace, which traditional alternatives like block and file storage are not designed to do.  

In contrast, cloud object storage brings together the virtually limitless capacity of the cloud with object storage’s unique ability to store both structured and unstructured data in an open-ended “data lake” environment. It's this combination of scale and flexibility that give cloud object storage the edge when it comes to resiliency. 

 Immutability with object lock  

Data housed in cloud object storage is still vulnerable, however. True resilience comes from preventing an attacker from modifying or deleting that data, which is the purpose of Wasabi Object Lock.  

This technology uses cryptographic methods to create a “virtual air gap” that seals off data from malicious actors. It lets admins make selected data objects (or entire buckets) immutable—impossible to change or delete—for a set period of time. When an object is immutable, it cannot be further encrypted or deleted in a ransomware attack, effectively eliminating the two favorite weapons of cybercriminals.  

Cloud storage account security 

A further countermeasure that builds cyber resilience can be found in a feature unique to Wasabi, called Multi-User Authentication. Following the same control model as nuclear missile launch protocols, which requires two individuals to turn keys simultaneously to authorize a launch, this feature allows admins to appoint up to three people who must collectively authorize the deletion of an account. This way, even if an attacker or malicious insider gains access to your cloud storage account credentials, , he or she cannot delete your account.  

Conclusion: Building a Cyber Resilient Future 

Data protection is necessary for cyber security, but it is no longer enough to prevent the worst impacts of ransomware and other serious threat vectors that now predominate. The risk of having data encrypted, corrupted, or deleted in an attack is too great. Cyber resilience— the ability to restore data and operations quickly and efficiently— should be seen as the new gold standard for security.  

The Wasabi cloud was designed with cyber resiliency in mind. Wasabi Hot Cloud Storage provides a cost-effective way to store large volumes of backup data—and restore it quickly with 100GBps direct connect speeds. It’s a scalable and durable solution, with 11 nines of data durability. The service is priced up to 80% less than hyperscalers with no data egress fees, which could make testing or retrieving your backups cost-prohibitive on any other service. 

Our immutability and other cyber resiliency features convinced Achievement First, a network of U.S. public schools on a mission to improve educational outcomes for underprivileged children, to select Wasabi and Veeam backup software for their cyber resilience program. “Anything we put in Wasabi is untouchable to threats like ransomware,” said Rob Martin, Senior Director of Network Infrastructure and Security. “If we were to get hit with a ransomware threat, we could restore rather than have to go and try and pay someone to decrypt. We can restore within minutes, and it’s as if it never happened.”