'Data law prompting organisations to make investments in right frameworks'

Lucas Salter, GM - Asia Pacific and Japan, Data Protection Solutions at Dell Technologies discusses cybersecurity, data laws, and evolving threats

Indian customers of Dell Technologies' Data Protection Solutions are increasingly relooking at their data storage practices, classification of sensitive information, and recovery strategies in cases of a breach. Lucas Salter, General Manager – Asia Pacific and Japan, Data Protection Solutions, Dell Technologies, in an in-person interview with Sourabh Lele, explains the increasing regulatory implications of data breaches for organisations.

Several studies of reported cyber attacks suggest that India's cyber threat landscape has increasingly become more dangerous in recent years. How do you see the nature of attacks changing?

We are continuing to see an increase in both the frequency and the sophistication of attacks. Over the last few years, you are aware organisations were not addressing things like insider attacks or supply chain attacks; they are now starting to take notice of those types of attacks. We are continuing to see the impact of ransomware. As cyber attackers advance their tools and automate their capabilities, we are continuing to see attacks across all industries, no matter the size or type of the organisation. And that's requiring organisations to be more proactive in ensuring resilience, not just prevention.

India is one of the most susceptible and more susceptible countries, or vulnerable countries, to attack due to the sheer size of the data.

Do you see the cost of data breaches going up with the rise of sophisticated attacks?

We have seen a rise in the cost of breaches, and now we are seeing a rise in penalties associated with legislation or regulation. So organisations need to be aware of the implications of a breach from the regulatory or legislative side, as well as from their own business competitive advantage and trust point of view. This is resulting in organisations ensuring that they are making more investments in the right strategies and frameworks.

Around two months ago, India enacted the Digital Personal Data Protection Act, 2023. How challenging is it to reorganise processes in compliance with the new law?

I think what we are seeing now in the changing legislative landscape globally represents an opportunity for organisations to modernise their data practices. Organisations still have outdated data practices; they are storing data on tape media for many, many years. So it becomes very complex when we need to solve data recovery issues and right-to-be-forgotten legislative requirements.

Organisations need to start now, if they haven't already, digitising and modernising their data management practices. This includes capabilities like data masking or test environments that include capabilities like end-to-end encryption for data retention and storage. As organisations evolve these processes and modernise their practices, it will become easier to meet the requirements that are only going to become more stringent.

What role is Dell Technologies playing in this scenario, and what is its current market share?

From Dell Technologies’ perspective, we have access to such a large part of the data landscape – from our client devices to our server infrastructure, our storage infrastructure, multi-cloud capabilities, and our partner ecosystem around that. We are heavily involved in these programmes of work for our clients.

The most recent data on purpose-built backup appliances, shared by International Data Corporation (IDC), shows Dell Technologies has a market share of more than 48 per cent over the last four quarters. The share has increased across the Asia Pacific and Japan region by three times compared to our closest competitor. So our opportunity to solve the modern challenges that organisations have is good, and clients are turning to Dell Technologies and our partners to help them solve those problems.

Do you think the rise of generative AI has impacted the cybersecurity landscape with more advanced threats?

I think it's too early to say that based on the numbers. But we can certainly speculate that generative AI is helping both the attacker and the responder, or the protector, to either automate or prevent more frequent and more sophisticated attacks, or leverage more advanced technologies.

Generative AI will create a larger amount of data for organisations. More data will also create more value in the economy for organisations. It is clearly going to lead to several innovations and several requirements for both data protection and the ability to compromise during a cyber attack.