In today’s multicloud world, data protection is more important than ever. Last year, Dell Technologies Inc. released the Global Data Protection Index, which suggested that 67% surveyed were concerned about coping with malware and ransomware.

Furthermore, 70% of those surveyed believed there was an increased risk of cyber threats when it came to remote employees. With those concerns in mind, theCUBE, SiliconANGLE Media’s livestreaming studio, hosted the next episode of Dell’s “Navigating the Road to Cyber Resiliency” series on August 29.

Following the first episode in the series, the new episode dug deeper into the actionable steps businesses could take based on the cyber resilience methods previously outlined. It was an effort to help companies improve their overall security posture and their cyber resiliency along with the help of experts, according to theCUBE industry analyst Dave Vellante (pictured, left).

“We’re delving into how to best protect your company and your critical data by developing the right strategies for your cyber resiliency via secure backups and recovery and cyber vaults,” Vellante said. “Plus, overall security education and awareness for all your employees.”

Insights during Episode 2 of the series were provided by Vellante, along with industry experts and executives. They unpacked the changing nature of cyber resiliency in an increasingly challenging world and where companies that might be feeling overwhelmed can start to get to work. (* Disclosure below.) 

Here are three key insights you may have missed:

1) Dell believes cybersecurity is really a risk mitigation conversation.

For companies that have been hacked, it can feel a bit overwhelming to know what to do next. Where can they go to ensure things are secure, and how can they even start to do so?

Dell has been working in security for decades. Today, the company is bringing together some key services to help customers tackle some important challenges, according to Arun Krishnamoorthy, senior director of cybersecurity product management at Dell.

“We all know that ransomware is rising, many of our customers are struggling and we see that across all segments. Small business, medium business, commercial and even enterprises,” Krishnamoorthy said during the event. “Some customers may have a SOC and dedicated teams, other customers do not have it. But, in general, this is a widespread challenge, and it’s really causing a lot of grief for our customers.”

Given the recent rise in ransomware, the conversation needs to be a risk mitigation conversation, according to Krishnamoorthy. That’s a perspective that has emerged out of years of experience working with customers and solving problems for them. Dell will do a portfolio assessment to evaluate an organization’s risk. But the company believes that the business units, IT teams, application teams, risk teams and security teams should be working together, not just a chief security officer and their team.

“This widely varies between different companies because they’re in different stages of maturity, and they have different priorities,” Krishnamoorthy said. “We need to understand that risk appetite and exposure first, and then understand and build that strategy. How are we now going to tackle it? Where should we start, and what do next steps look like?”

Here’s theCUBE’s complete video interview with Arun Krishnamoorthy:

2) It’s important to be prepared on both sides.

As a part of Episode 2 of the “Navigating the Road to Cyber Resiliency” series, Nature Fresh Farms Inc. shared a frontline account about living through a potentially devastating attack and emerging stronger as a result. As the company shared, its encounter with a ransomware attack was a key part of its cyber resilience journey.

Since that time, the company has changed how it sees things and how it does things, according to Keith Bradley (pictured, right), vice president of IT and security at Nature Fresh Farms. That includes ensuring that vendors are much more compliant with the company’s cybersecurity policy.

“We are much more adamant about what’s open on our firewalls and how things are. We reevaluated, and even though our backup solution worked to recover for us, we found that that six- to seven-hour window wasn’t fast enough for us for recovery,” Bradley said. “We actually went out and rebuilt our entire backup policy and how we back things up and how we recover.”

The company also instituted a cyber vault, which is basically a virtual air gap solution. On the other side of the attack, it’s important for all companies to look at both sides of the coin, according to Bradley.

“How do I protect my network? And, yet, how do I recover when it happens?” he asked. “It’s always a matter of when. So be prepared on both sides. Protect your network from the attack, and be prepared to recover from the attack.”

Here’s theCUBE’s complete video interview with Keith Bradley:

3) Don’t try to boil the ocean from day one.

For World Wide Technology Inc., named Dell Technologies 2023 North America Partner of the Year, the conversation around cyber resiliency starts with setting good expectations. The company helps OEMs and customers facilitate, add value and bring expertise to deploy the best data protection solutions, according to Michael Ambruso, technical solutions architect of data protection and cyber resilience.

“It’s really important to start setting those expectations early, understand what the budgeting looks like, and more importantly, what the timeline looks like,” Ambruso said. “Because if you underestimate the amount of time you’re going to need to spend to do app rationalization and understand what you need to protect, the whole timeline goes down like a bunch of dominoes.”

When it comes to setting good expectations, the first thing to do is to understand which applications need to be protected. By getting a firm understanding of what needs to be protected, it’s then possible to understand where the customer’s crown jewels are, according to Ambruso. In large organizations, such a process needs to be a top-down scenario. That’s because if trying to work from the bottom up, things become very difficult.

“The first thing you do is walk in and tell everybody that what they’re doing is not sufficient. When it’s a top-down perspective, you have to make sure that you engage both the security and the information teams,” he said.

That means that the chief technology officer, chief information officer and chief information security officer all need to be onboard. That’s because it’s important to make sure that everyone is working in a coordinated manner, according to Ambruso. The other big lesson is that companies shouldn’t “boil the ocean” on day one. Such an approach is going to result in a project that no one can swallow.

“Post-COVID, really what we’re encountering is that there’s a much greater awareness in organizations on the need to manage that data and protect it,” he said. “What we’re seeing is more awareness of security out to the edge, and the fact that data’s not just always going to be sitting in the middle of that big data center in some centralized location.”

In addition, the company is seeing that post-COVID a lot of customers have moved a lot of solutions to cloud-based and incorporating cloud solutions. They are understanding how to protect the data that’s in the cloud, as well as the data that’s sitting inside the four walls, according to Ambruso.

Here’s theCUBE’s complete video interview with Michael Ambruso:

To watch more of theCUBE’s coverage of the “Navigating the Road to Cyber Resiliency: Episode 2” event, here’s our complete event video playlist:

(* Disclosure: TheCUBE is a paid media partner for the “Navigating the Road to Cyber Resiliency: Episode 2” event. Neither Dell Technologies Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE