Not all data and organisational security is created equal

Australia has become a prime target for cybercriminals. In 2024 alone, we recorded 47 million data breaches, according to the Australian Cyber Network’s (ACN) State of the Industry 2024 report, and now rank 4th globally as one of the most targeted nations for cyber threats against critical infrastructure. Phishing attacks are on the rise, with 8.9 million recorded incidents globally, and hackers can escalate their attacks in just 48 minutes (or even faster!).

The evidence is clear – protecting Australia’s critical infrastructure has never been more important.

But there’s a twist. Not all data and organisational security strategies are built the same. If your organisation isn’t prioritising key data or regularly reviewing security policies, you could be taking a big risk with breaches that might seriously disrupt operations. 

Are you confident your current setup is ready to handle today’s threats?

Cyber threats are becoming more sophisticated

When you think of a hacker, you might picture someone in a dark hoodie working tirelessly on malware code or sending out phishing emails. But today’s reality is far more complicated.

Enter access brokers – cyber mercenaries who specialise in breaking into organisations. According to a CrowdStrike report, their activity jumped by 50% in 2024. Once they’ve gained access to a network, they sell it off to other cybercriminals, like ransomware groups, essentially turning your compromised system into a ‘cyber open house.’

Adding fuel to the fire is the adoption of AI by cybercriminals. They’re using generative AI to create phishing attacks that are almost impossible to spot and spread highly convincing disinformation. Much like a double-edged sword, while AI is helping businesses grow, it’s also giving hackers incredibly powerful tools that didn’t exist just a few years ago.

If that’s not unsettling enough, 79% of detections in 2024 were ‘malware-free’. This makes traditional anti-virus solutions blunt tools in a razor-sharp arena. Most attacks now rely on social engineering and identity-based compromises instead of relying on traditional malware.

Protect what really counts

Many organisations stumble by relying on security strategies that treat all data as being equal. Instead, the value of data varies between industries. For example:

  • Critical infrastructure sectors—like electricity, healthcare, food supply—carry highly sensitive data whose breach could create nationwide ripple effects.
  • Retail and financial services deal with volumes of personal identifiable information (PII) that could cause harm if it gets leaked.

Aside from industry factors, data silos can impact value. For instance, customer payment details and intellectual property usually need stronger protections compared to public-facing operational data.

If your security framework doesn’t account for these differences, you could end up over- or under-investing in critical areas.

Attackers prey on the unsuspecting

Today’s phishing attempts aren’t just about dodgy emails packed with malware—they’re all about catching you off guard in a split second. Business email compromise (BEC) scams go one step beyond, targeting human instincts and those brief moments of poor judgment.

Here’s a statistic likely to give you pause: The fastest recorded ‘breakout time’ for lateral movement in a target system was just 51 seconds.

Unfortunately, once hackers have cracked one layer of your security, their partners-in-crime won’t be far behind.

Take steps to strengthen your security framework

If adopting wholesale security strategies gives you a false sense of calm, here are actionable steps to bolster your approach:

  • Step 1. Prioritise data by sensitivity

    Start by mapping out and categorising your most sensitive data. Then set up detailed access control policies that match the sensitivity of the data. Frameworks like the NIST Cybersecurity Framework and ASD’s Essential Eight Maturity Model are great starting points.

  • Step 2. Put least-privilege policies in place

    By adopting least-privilege principles, everyone in your organisation—whether inside or outside the company—only gets the access they need and gets verified every time they access your system.

  • Step 3. Regularly check access privileges

    Do you know who accessed what—and why? Regular audits should check on access privileges, especially for sensitive systems or user accounts, like admin profiles.

  • Step 4. Train and empower your team

    Since phishing and BEC attacks often rely on human mistakes, cybersecurity awareness shouldn’t be just an IT-related activity. Run simulated phishing tests to keep everyone sharp and on their toes.

  • Step 5. Partner up where necessary

    When resources like people, money, or time are tight, managed services focused on governance, risk and compliance can take the pressure off. If an access broker sells sensitive credentials, responding quickly can mean the difference between staying out of the news or making headlines.

  • Step 6. Conform to standards like ASD’s Essential 8 or NIST

    Following cybersecurity frameworks like NIST 2.0 or ASD’s Essential Eight helps you build a strong, layered defence system.
    • ASD’s Essential Eight recommends using multi-factor authentication, application whitelisting, and regular data backups, amongst other best practices.
    • The NIST framework—which now also includes governance—helps organisations map out their current and future security measures, making it easier to improve over time.

Act now before threats outpace defences

Recent legislative changes in Australia, like the 2022 Critical Infrastructure Act, aim to close the floodgates. But with the expanded scope, more businesses(and even their supply chains) now have to step up and meet stricter cybersecurity requirements.

Remember, hackers don’t always directly target infrastructure. Instead, they breach remote vendors and service providers to worm their way in from the side. By taking proactive steps and building a strong security strategy, you can elevate ‘good’ organisational security to ‘impenetrable’.

  

Report reveals: A surprising number of organizations still tethered to outdated backup practices

You’re probably well aware that efficiency and optimisation are the name of the game for organisations in 2025.

But many businesses are unknowingly leaving immense value on the table, simply because they don’t maximise their backup strategies.

Added to this challenge is the reality that the winds of change aren’t letting up. With more and more of your teams depending on digital data, and—in tandem with the rising role of data security—it’s predicted we’ll all be witnessing the upward trajectory of backup and restore software from 2025 to 2032.

While backing up data may seem like a no-brainer, outdated practices like manual backups remarkably continue to plague nearly a third of organisations.

For those of us trapped in the now-archaic practice of tape storage, the time has come to jump into the 21st century and consider an updated approach to our data management and protection strategies.

Today’s state of backup disarray is more common than you’d think   

In addition to the alarming 29% of organisations still manually copying backup data, 5% of businesses leave their SaaS applications completely unprotected.

While these statistics may seem shocking, they’re a symptom of an outdated mindset that backups are merely ‘nice to have’.

To understand how far we’ve come, let’s take a step back and consider the legacy of tape backups.

Manual intervention used to be the norm. We didn’t have the option to question the laborious practice of swapping tapes out daily and transporting them offsite for security. As well as being taxing, getting to a point of recovery frequently chewed up months of valuable time and resources that nobody had to spare.

Annoyance with backup tapes was something that Colin, Biggers & Paisley, a Sydney-based law firm, could relate to. Their systems administration manager, Steven West, has looked after their backup and recovery process for over a decade, and remembers the frustration well.

“Using backup tapes was a massive commitment in terms of both time and effort. We ran old-school backup and sync products (like tape and disks) to cover on-premises and virtual machines throughout the week, and on weekends and public holidays.

“Unfortunately, it didn’t leave us a lot of room for system maintenance windows. By the time our backup technician finished, we’d have over a dozen tapes or disks to remove from the offices and store off-site in a bank vault. Then we’d start the whole backup process again.”

Since investing in a modern, fully-managed solution, the Colin, Biggers & Paisley team has come out the other side with bragging rights that feature business-enhancing advantages like streamlined processes, reduced downtime, and significantly minimised disaster recovery risks. What’s not to love?

Backing up responsibly is in your hands, so don’t sit on them

The age of cloud backups is saving the day, but to truly safeguard your organisation against the inevitability of a cyberattack, your backup strategy needs to be automated, tested, and proactive.

Rather than mopping up the mess after a disaster, the first prize is to get ahead of the problem.

Enter the proactive approach of data resilience. With this key piece of the disaster recovery puzzle in place, you can weather a cyberattack, retrieve critical data and applications during the attack, and get back to work in record time.

To shed light on how to implement robust cybersecurity plans that defend your business during that inevitable attack, these three standards can help you cut through the clutter:

  1. The Shared Responsibility

    The essence of this security and compliance framework may come as news to some: protecting your data is your responsibility.

    Most businesses in Australia use an average of three public cloud service providers, and assume that data protection is part of the deal. But while platforms like Microsoft 365, Salesforce, and Google Workspace manage infrastructure, many cloud applications only offer limited protection.

    Building cyber resilience requires action and should be top of your agenda. Make a start today by confirming that your SaaS solutions like Xero, Salesforce, or Intuit are truly backed up.

  2. Australian Signals Directorate (ASD) Essential Eight

    According to guidelines from the ASD, data protection plans should include:
    • Consistent and trustworthy backups that support the continuation of your business services
    • Disaster recovery activities that stress-test the effectiveness of your data restoration strategy
    • Guardrails to protect backups from being edited by the backup team during their retention period
    • Proactive retention procedures that guarantee secure compliance

  3. The National Institute of Standards and Technology (NIST) 3-2-1 Rule

    While navigating the expanse of security threats can feel complex and daunting, the NIST 3-2-1 Rule is simple, clear, and succinct:
    • Secure three copies of your data
    • Keep the copies in two different locations or media formats
    • Store one copy in the cloud or offsite

Subpar backup strategies can result in eye-watering costs

According to Forbes, the global average cost of a data breach amounted to a whopping $4.88 million in 2024. As we all become increasingly data-dependent in our workplaces, the expected consequences for those of us who don’t have plans to upgrade to automated, cloud-based solutions are clear.

While your teams may already be lagging behind in their backup strategy, all is not lost. The promise of efficiency and peace of mind are well within reach if you’re ready to fight—and win—the war on risk.

A heads up for 2025: 10 data management trends to keep your eye on

Welcome to 2025. So, what are the emerging data management trends that will frame up the future? Yours, and ours.

We’ve all become ever more reliant on data for decision-making, strategic planning and operational efficiency. These are some of the trends that will change and improve how we manage information in our businesses.

1. Data fabric architecture is (still) hot to trot

The concept of data fabric was first floated in the early 2010s (and Forrester made the term official in 2013), but it didn’t gain real traction until around 2018.

This year (and beyond), it’s expected that data fabric architectures will continue to rise in popularity. In its Top Trends in Data & Analytics (D&A) through 2030, Gartner predicts that by 2027, “30% of enterprises will use data ecosystems enhanced with elements of data fabric supporting composable application architecture to achieve a significant competitive advantage.”

Data fabric is a completely new approach to data management. It integrates disparate data sources across on-premises and cloud environments into a single cohesive framework.

What will adopting a data fabric architecture mean for you? With a unified view of your data, you can streamline how you access, manage, and analyse it. Both data governance and decision-making will be easier as your stakeholders can easily get their hands on real-time data. As you expand – and your data siloes do likewise – data fabric will make sure you can maintain transparency of all of your organisational data.

2. Cloud data management is here to stay?

First up, we need to say that, in all honesty, the shift towards any cloud-based solution can no longer be called a trend. It’s a fundamental, done-and-dusted change in how today’s businesses approach data storage and management.

We all know that businesses have moved away in droves from traditional on-premises solutions in favour of scalable, flexible cloud environments. (As of 2021, O’Reilly Media reported that cloud adoption by businesses, from SMEs to mega-enterprises, was already over 90%.)

So, when it comes to cloud data management solutions, what’s in it for you? Try the big three: accessibility, collaboration, and cost-efficiency. You’ll be able to leverage the best features of multiple cloud services, support data redundancy and disaster recovery, and also tick all the boxes for scalability, flexibility, and cost savings. Best of all, you can choose the best services for your needs – while avoiding vendor lock-in. Not to forget, you’ll be able to support dynamic workloads and drive innovation.

3. Data governance and compliance will just get tougher

As data privacy regulations tighten even further, effective data governance is flagged as a critical priority for organisations around the world.

To comply with regulations such as GDPR, CCPA, and HIPAA, the pressure will be on to implement robust governance frameworks. This includes defining clear policies for how you access, use, and protect your data while also maintaining transparency with your stakeholders regarding your data practices.

What does this mean for you? You’ll need to invest in tools and technologies that will automate your compliance reporting and track the lineage of your data. The role of Data Stewardship will become more prominent, so it’s likely you’ll need to designate responsibility to someone in the business for overseeing data quality and compliance.

It’s also worth noting the larger governance picture: Gartner says that “current data governance practices are often too rigid and insensitive to the business context. By 2027, for example, 60% of organizations will fail to realise the anticipated value of their AI use cases due to incohesive data governance frameworks.”.

4. Real-time data processing for real-time decisions

The rise in demand for real-time data processing is another trend to watch for as businesses increasingly seek to make on-the-spot decisions.  

In The Wall Street Journal’s article ‘In an On-Demand World, Real-Time Data Is ‘Becoming an Expectation’, AWS’s VP of Messaging and Streaming, says, “Anything outside of using real-time data can frustrate end consumers and feel unnatural. Having real-time data always available is becoming an expectation for customers. It’s the world we’re living in.”

As for your business? Be on the lookout for technologies such as stream processing and event-driven architecture. These will allow you to analyse data as it arrives so you can respond quickly to changing market conditions and consumer behaviour. Another bonus is that real-time analytics can improve the customer experience. You can delight them by acting and reacting more quickly and making personalised recommendations to ramp up both engagement and loyalty.

Are you in the finance, healthcare, or e-commerce industry? Then, you’ll find real-time analytics particularly beneficial for fraud detection and patient monitoring.

5. Decentralised data management makes its move

With the rise of blockchain technology, decentralised data management is gaining momentum. This approach enhances data security and integrity by allowing multiple parties in your organisation to access and verify data – without relying on a central authority.

So, how is this helpful? If you’re in an industry where consumers turn to you for trust and transparency (think finance, healthcare, and supply chain management), then decentralisation is particularly beneficial. It also helps you reduce the risk of data breaches and ensure that your private information remains…private.

6. Emerging data privacy and security enhancements

So, how is this helpful? If you’re in an industry where consumers turn to you for trust and transparency (think finance, healthcare, and supply chain management), then decentralisation is particularly beneficial. It also helps you reduce the risk of data breaches and ensure that your private information remains…private.

7. Data is no longer a byproduct but a standalone product

The view of data is changing from a byproduct of a business’s operations to a product in its own right – or, in techspeak, Data as a Product (DaaP).

How will DaaP impact you? The DaaP approach encourages you and your team to treat your data with the same care and strategy as your most valued (and valuable)  products and services. By focusing on the quality, usability, and customer value of your data, you can create new revenue streams and, again, enhance the customer experience. A DaaP approach also fosters accountability and ownership within your teams as the value of the business’s data is in their hands.    

8. Sustainability in data management will become a thing

As awareness of environmental issues rises, many organisations are being pushed to how sustainable their data management practices are. Considerations that come into play include optimising data storage to reduce energy consumption and prioritising eco-conscious operations by adopting cloud solutions.

How can you do your bit? Talk to your data centre about how they manage energy consumption, utilise renewable energy sources, and apply practices that reduce the carbon footprint of data storage and processing. (Any data centre worth its salt will have this information at their fingertips). Also, consider the lifecycle of your data – from creation to disposal. Does it align with your sustainability goals?

9. Data democratisation, self-service data platforms, and data literacy programmes

As we all increasingly focus on the trend of making data accessible to all employees (regardless of their technical expertise), there will also be more demand for user-friendly analytics platforms and self-service tools. Obviously, training programs will be essential to allow your employees to make confident data-driven decisions.

What will this mean for you? If you aim to foster self-sufficiency in a data-driven culture, then you need to plan to investigate self-service platforms that allow your non-technical users to access, analyse, and visualise data. All without turning to an already under-the-pump IT department for support. And back it up with data literacy programs so your employees can read, understand, and communicate data effectively.

10. AI and Machine Learning integration

No list of trends is complete without a very large nod to Artificial intelligence (AI) and machine learning (ML). And yes, it’s a pretty fair bet that every trends list for this year will include both – and with good reason.

In the context of what this will mean for you, AI and ML are transforming data management practices by eliminating time-consuming processes involved in data classification, cleaning, linking, and analysis and replacing them with automation. If your team never again have to analyse a large dataset, they’ll thank you for it.

You can also look forward to using AI to forecast market trends and customer behaviour with uncanny precision – so, in turn, your marketing team can use their talents to develop more targeted and effective marketing strategies.

And with AI, you can finally convert those large volumes of data that have been left to languish into actionable insights and drive predictive analytics. For example, AI algorithms can identify patterns in vast datasets, so you can anticipate trends and make those data-driven decisions pronto. AI can also personalise data experiences for your users so they can find what they need more easily – and reduce errors.

Overall? What does this all mean?

So, given these trends, what will 2025 look like? The data management landscape this year will be typified by a blend of technological advancements, regulatory compliance, and a strong emphasis on security and sustainability. In many ways – no big surprises.

Those organisations (and we sincerely trust you will be one of them) that proactively adapt to these trends will be in a much better position to turn their data into a strategic asset to fuel growth and innovation.

DRaaS is a Business Growth Strategy

Transformational changes, as we experienced in 2020, bring challenges and unforeseen business opportunities. Improving enterprises’ growth opportunities and ensuring business continuity are two areas where the cloud plays a vital role. Organizations that embrace the cloud transform into asset-light entities that are agile, more competitive and focused on the growth of their businesses. Cloud-based disaster recovery as a service (DRaaS) is the foundation of a sound business continuity strategy that keeps the company running, even in the aftermath of a disruptive event.

Enterprises with mature cloud adoption improved business resiliency and reliability as they reduced downtime by 58% and monthly critical incidents by 55% with cloud migration.1

Ride the waves?

It is always prudent to ride the waves of change than to fight them. New trends, including SaaS and IoT, have shifted enterprise data to the edge and the cloud. A recent IDC report found that only 30% of stored data is stored in internal data centers. It makes the most sense to have your backup applications near your data in the cloud.2

The rising cyberthreats serve as a constant reminder and a motivator for moving corporate data to the cloud to be better protected. Business continuity requires air-gapped backup copies that are readily available in the event of a disruption. DRaaS is the wise option for a full recovery and the lowest downtime.

Gartner predicted that cyberattacks were likely to impact one organization every 11 seconds by the end of 2021. Aside from being costly, breaches will damage an organization’s reputation and cause loss of customers and trust. Cyber-attacks tend to have a long tail, and their impact on enterprises lasts for years.3

DRaaS makes good business sense?

DRaaS is the most precious business insurance policy that one can find. The value of DRaaS is rarely appreciated until we need it, however it turns out that businesses need disaster recovery a lot. Gartner says 76% of organizations reported at least one incident in the past two years that required an IT DR plan.4 Let’s look at some of the business benefits of DRaaS:

  • Budget-friendly OpEx. The cloud model offers a utility consumption model where you pay for what you consume. The new model removes the expensive upfront CapEx investments and lowers operating expenses for simplified testing.
  • Free scarce IT resources. DRaaS frees IT teams to focus on more valuable business initiatives.
  • Maintain business continuity. Cloud-based backups are air-gapped and beyond bad actors’ reach, ensuring business continuity with the least disruptions.
  • Data protection. Cyberthreats are a constant danger that requires resources beyond IT teams’ abilities. About 81% of organizations consider security their top challenge.5
  • Continuous compliance. DRaaS enables enterprises to respond to audits and demonstrate compliance with proper reporting and documentation.

Learn more about how to grow your business with our cloud DRaaS by visiting: Global Storage

Sources:

  1. McKinsey Digital February 2021. “Cloud’s trillion-dollar prize is up for grabs.”
  2. Seagate 2021. “Rethink Data. Put More of your Business Data to Work from Edge to Cloud.”
  3. Gartner December 2020. “How to Cut Costs for Backup and Recovery Software, Now and in the Future.”
  4. Gartner April 2020. “Survey Analysis. IT Disaster Recovery Trends and Benchmarks.”
  5. Flexera 2021. “Flexera 2021 Stare of the Cloud.”

Shrinking Legacy IT Business sees HDS Grow in the Cloud

Historically known as an enterprise storage-focused vendor, Hitachi Data System continues to work its way into the cloud market, which it sees as a “growth opportunity” and complementary to its long-time storage business.

Speaking with ZDNet, Adrian De Luca, Hitachi Data Systems Asia-Pacific chief technology officer, said that given the changing needs of its legacy customers, it was important for the business to take the leap and traverse into the world of cloud, too.

“There’s no secret that legacy IT is shrinking,” he said.

“Certainly the selling of our legacy components such as standalone storage has been a depressed business, but we’re still growing. The reason why we’re still growing is because of private and hybrid cloud.”

In fact, De Luca said HDS is finding its strength is in the private cloud space where the company has seen that side of the business double year-on-year. He said there’s a clear market for private cloud in Australia as many of the company’s existing enterprise customers are after the consumption and automation model, as well as the self-service model of cloud, but still want to retain their existing SLAs.

“Our enterprise customers have a lot of legacy systems; they’ve got legacy skills and fixed investments such as datacentres, so for them it seems like a quantum leap to move the cloud. So they need to typically take smaller and more incremental steps into cloud,” he said.

“What we’ve done is tried to build a journey for a lot of those customers. It’s something we call ‘your cloud, your way’.”

Unlike other traditional vendors such as IBM and Hewlett-Packard — which are also transitioning their business into the cloud market — HDS’s approach to cloud has been through setting up cloud partnerships. In the last two months, the company has signed partnerships with Brisbane-based SureBridge IT, Victoria-based Global Storage, and Avnet to help resell its cloud services onshore across the country. HDS’s offerings are also integrated to work with key software vendors including VMware and SAP.

“HDS is a partner-centric company. Unlike IBM and HP, they want to build the datacentre and run them. We know what we’re really good at but we also recognise the things that we need to partner with,” De Luca said.

While HDS is strategically playing to its strengths in the private cloud market, the vendor hasn’t completely neglected the public cloud space either. While De Luca acknowledged the company is going up against some of the biggest players including Amazon and Google that have “certainly validated a new business model”, HDS is prepared to be part of it.

In June, the company announced a number of mobility products so it could integrate public cloud offerings and extend its technology portfolio.

“What we talked about is how we can take, for example, our archive platform and actually connect a public cloud behind it. Our file serving can also leverage public cloud. This is all a big maturity change or step change of HDS in Australia. We’ve not only recognised cloud, but we’re also becoming successful in it,” said De Luca.

The plan of attack for HDS will be to target the smaller end of town, the SME market, an area that the company hasn’t traditionally been involved in before, but according to De Luca is responding better to moving to the cloud.

“I think what is happening here is that we have a clever SME community who are saying that they’re not going to bother hosting their own cloud, or buy their own components, but are going straight to a cloud service provider for all of that,” he said.

“But what they’re saying is they want to go to a local cloud service provider because they want that customer service onshore. So we’ve created a cloud service provider unit that is focused on our multinational service providers.”

The only challenge now for the company is to convince the rest of the market that HDS is serious about being a key cloud vendor.

“Quite frankly our challenge is being recognised in the market for providing these services,” De Luca said.

“We’re not a strong marketing company but we power a lot of the technology behind these local providers, so we’re happy to be the silent partner in this.”

Get in touch for a Free, No‑Obligation Consultation

Arrange a chat with our experienced team to discuss your data protection, disaster recovery, cloud or security requirements.

  • Arrange an introductory chat about your requirements
  • Gain a proposal and quote for our services
  • View an interactive demo of our service features

Prefer to call now?
Sales and Support
1300 88 38 25

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

This field is hidden when viewing the form
This field is for validation purposes and should be left unchanged.

© 2021 Global Storage. All rights reserved. Privacy Policy Terms of Service

The Global Storage website is accessible.

Download
Best Practices For Backing Up Microsoft 365

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

This field is for validation purposes and should be left unchanged.

Download
5 Myths About Backing Up Microsoft 365 Debunked

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

This field is for validation purposes and should be left unchanged.