- 4 hours ago
Cyber resilience is no longer just an IT problem, it’s a business survival issue. Greg Statton, CTO APJ at Cohesity, breaks down what leaders must know.
Category
🗞
NewsTranscript
00:00Alright, on separate news, cyber attacks are no longer just technical disruptions.
00:04There are existential threats to businesses, from ransomware to data theft.
00:08Organisations across Malaysia and ASEAN are facing higher regulatory pressure,
00:13financial losses and reputational risk than ever before.
00:16So today, we're going to examine why cyber resilience has moved firmly into the boardroom.
00:22And now, I'm joined by Greg Stetten, the Chief Technology Officer for Asia-Pacific
00:26and Japan at Cohesity to discuss how organisations can move from reactive defence
00:31to true business survival in an increasingly hostile digital landscape.
00:34Mr Stetten, thank you so much for joining us this morning.
00:37Cyber resilience is increasingly being framed as a boardroom issue rather than an IT problem.
00:42What has fundamentally changed in the threat landscape to drive this shift,
00:47particularly for organisations in Malaysia and across ASEAN?
00:51Please.
00:53You know, I think it's no surprise that there's been a rapid increase in cyber attacks across
00:59the globe, especially across ASEAN and Asia-Pacific.
01:02And if you kind of look at this, it's not just the cost of paying the ransom,
01:08and it's not just the cost of lost revenue or customers.
01:12There's a growing regulatory pressure across the ASEAN region.
01:15Local governments are tightening data protection and data breach disclosures.
01:20So, not only is there kind of a monetary impact, but now there's government regulation impact,
01:26which are elevating the conversations out of the IT group discussions and into the board level discussions.
01:33And your research shows that we've seen before, then we read as well,
01:37that a vast majority of companies are actually facing regulatory and also financial consequences
01:42after cyber incidents.
01:44So, actually, our organisations are underestimating the true costs of cyber attacks.
01:50And actually, where are the biggest blind spots that you see today?
01:55I think everybody is underestimating the true costs.
01:59There are quite a lot of blind spots.
02:00You know, our research shows that, you know, of those impacted across Asia-Pacific, 90% have lost revenue.
02:0745% have lost customers, and a staggering 89% of those across Asia-Pacific have paid the ransom in
02:16the last 12 months.
02:18And I think everybody is really focusing on kind of defending the outer perimeter,
02:23and now people are looking at where they can back up data more efficiently, faster, and be able to recover
02:29faster.
02:30I think really one of the biggest blind spots that we're educating a lot of customers on is helping them
02:36understand
02:37what constitutes a minimally viable company or minimally viable entity.
02:42This is how you can get your business back up as quickly as possible to serve your customers
02:47to really start to reduce the number of customer impact and revenue impact.
02:52We'd really like to see those numbers drop as close to zero as humanly possible.
02:58So, given these rising costs and consequences, organizations are clearly under pressure to respond faster and smarter,
03:04which brings us to the role of emerging technologies like AI.
03:08So, with AI now being used by both attackers and also defenders,
03:12how is AI-native backup and also recovery changing the way organizations detect and also respond to threats in real
03:20time?
03:22And I think you hit the nail on the head there.
03:25You know, the attackers are using artificial intelligence, machine learning, and generative AI
03:29to be able to hit zero-day vulnerabilities, to be able to attack faster, and to act more human.
03:35And so, we have to defend using the same tactics.
03:38So, I think smarter, more rapid threat detection, especially for novel attacks.
03:44You know, these could be things that we've never seen before,
03:46but being able to recognize patterns a lot faster allows us to respond faster.
03:52Being able to be able to provide data governance globally and more intelligently at scale across the data
03:59allows you to understand the impact of potential data breaches
04:03and to ensure that your data is resilient and compliant to the policies or regulatory concerns.
04:10I think we're even seeing some more interesting things, especially as generative AI and agentic AI come into the enterprise
04:16using intelligent data protection mechanisms and data resiliency schemes
04:22to bring back data that could have been errantly deleted by AI agents in new agentic systems.
04:32You know, being able to holistically look at things is going to make a company more efficient.
04:37So, while AI is reshaping how threats are detected and managed,
04:41the reality is that many organizations are operating in increasingly complex environments.
04:46So, many enterprises in APEC are operating in hybrid and multi-cloud environments.
04:51So, what are the key challenges that they face in ensuring resilience
04:54and what should they prioritize when modernizing their data protection strategies?
05:01And I think having a hybrid environment is smart from an enterprise perspective.
05:06This allows them to cost-optimize where applications are deployed
05:09and bring applications closer to the data.
05:13But that brings a lot of complexities.
05:15You know, all of your data is now segmented and siloed across all of these other organizations
05:21and public cloud providers, hyperscalers.
05:25So, you need a data protection and cyber resiliency platform
05:29that can kind of help consolidate across that data no matter where that data lives.
05:33You need to be able to identify what data is extremely important
05:37across all of these other locations in which the data is stored.
05:40And what we're also seeing now, especially across ASEAN,
05:44is the push towards sovereignty of data
05:48and being able to go with a data protection or cyber resilience scheme
05:52that can operate, you know, and help customers move to sovereign data protection
05:58and sovereign cyber resiliency is going to be key going forward.
06:02And beyond just securing these environments, Mr. Sutton,
06:06forward-looking organizations are now asking a bigger question,
06:09which is how to turn protected data into a strategic advantage.
06:12So, beyond defense, there's a growing discussion around turning secure data
06:18into a strategic asset.
06:20How can organizations safely reuse data for analytics or AI
06:24without increasing their risk, exposure,
06:26and what separates leaders from laggards in this space?
06:32I think what we've learned over the last couple of years in enterprise AI,
06:36the last mile to that is being able to bring enterprise data at scale,
06:40safely, securely, and responsibly.
06:42It's not just the models alone.
06:44We've spent a lot of time working from kind of the dirt
06:47all the way up to model delivery, including power generation,
06:50GPUs, data centers, et cetera, et cetera, et cetera.
06:53But for organizations to gain true value out of that,
06:56they need to be able to bring their data.
06:58But with that brings a lot of risks.
07:00And I think when you look at what we just talked about before,
07:03the consolidation of silos into a single resilient platform
07:06that gives organizations the ability to provide global governance at scale
07:11to be able to implement their own corporate policies.
07:15Now, when you're able to identify what data should be owned by who,
07:19where it should be living,
07:21and whether or not this piece of data should be used with AI,
07:24if this is the most recent and correct version,
07:27then you're able to easily re-leverage that data
07:30for operational efficiencies
07:31without creating multiple costly copies of this data.
07:36One concern, how should boards and leadership teams
07:40rethink governance structures to better own cyber resilience
07:43rather than just delegating it entirely to IT?
07:46Do you see a disconnect today
07:48between what boards think they understand about cyber-rease
07:51and also the reality on the ground?
07:54Yeah, I think this should be a cross-functional discussion
07:58across an enterprise.
08:00I think you have data and application owners
08:03across all of the various functions within an organization.
08:06And each of them have a stake in this.
08:08Each of them know their business, they know their data,
08:10and they should be working cross-functionally
08:12in order to create global corporate policies
08:15that can help protect, secure,
08:17and help provide insights back to their data globally.
08:22Across ASEAN, if I may add, Mr. Stetton,
08:25regulatory frameworks are evolving at different speeds.
08:28So is this fragmentation creating challenges
08:31for organizations operating across borders,
08:33or do you expect more harmonization
08:35in cyber-regulations across the region in the near future?
08:40You know, I could foresee, you know,
08:43across the region, countries kind of working together
08:46to help ensure that at least the regulations rhyme.
08:51You know, they kind of are operating
08:53across similar boundaries.
08:54But I also see a huge push
08:56across all of the different individual countries
08:59across ASEAN to start, you know,
09:02focusing more on sovereignty of data
09:03to ensure that their data is protected
09:06within their borders and that it is compliant
09:08with regulations that are kind of bespoke
09:10for that particular country
09:12and that particular government's needs and desires.
09:15So looking ahead, what will define
09:17a truly cyber-resilient organization
09:19in the next perhaps three to five years?
09:21And what risks do you think are currently underestimated
09:24but could become major threats in that time frame?
09:29I think in order to have a truly cyber-resilient platform,
09:33you know, it starts with ensuring your data
09:35is all protected.
09:37So that's finding all data no matter where it lives
09:40across various silos or organizations,
09:43public cloud, private cloud, sovereign clouds,
09:45being able to kind of identify all that data,
09:48be able to consolidate onto a single platform,
09:50be able to provide global governance,
09:53be able to ensure that that data is recoverable
09:56from an application level.
09:58You need to be able to detect and identify threats
10:02in an organization, in your environment.
10:04You also need to be able to practice recoveries at scale,
10:10to be able to react quickly when something does happen.
10:14It shouldn't be an emergency.
10:15It should be kind of a very quick and easy checklist
10:20of execution moving forward.
10:22And I think once a company is able to achieve
10:25completion across those five steps,
10:27they will be fully cyber-resilient,
10:30not only for today,
10:31but I really see that as kind of future-proofing
10:35the cyber-resilience for their environment,
10:36no matter what is going to come at them in the future.
10:40All right, Mr. Stetton,
10:41thank you so much for the outlook,
10:43because as cyber threats continue to evolve,
10:45one message is clear,
10:46which is resilience is no longer optional,
10:48from AI-driven attacks to complex cloud environments.
10:51Organizations that treat data production
10:54as a strategic priority,
10:56not just an IT function,
10:57will be the ones that endure.
10:59So thank you again to Greg Stetton of Cohesity
11:02for those insights.
Comments