Ransomware: Legacy technology makes businesses more vulnerable 

Ransomware: Legacy technology makes businesses more vulnerable

Share post

The results of a new global study commissioned by Cohesity show that nearly half of the companies surveyed are using legacy backup and recovery infrastructure to manage and protect their data. Forty-nine percent of respondents say their solutions were built before 49—well before the multicloud era and onslaught of cyberattacks organizations are facing today.

In addition, many IT and security teams do not appear to have a concrete plan for how to proceed in the event of a cyber attack. Nearly 60 percent of respondents expressed concern when asked about the ability of their IT and security teams to respond efficiently to an attack.

2.000 IT and SecOps professionals surveyed

🔎 Survey of legacy backup and recovery infrastructure (Image: Cohesity).

These are just some of the findings of an April 2022 Censuswide survey of more than 2.000 IT and SecOps professionals (almost 50/50 split between the two groups) in the United States, United Kingdom, Australia and New Zealand. All respondents are involved in decision-making processes for IT or security in their companies.

"IT and security teams should protest loudly if their organization continues to use outdated technologies to manage and protect their most important digital asset - their data," said Brian Spanswick, chief information security officer at Cohesity. "This legacy infrastructure was not designed to protect today's complex multi-cloud environments, nor does it have the ability to quickly recover data from cyberattacks."

Outdated solutions are overwhelmed

Managing and securing data has become much more complex as the amount of structured and unstructured data grows exponentially, as does the type and variety of locations where that data resides.

  • Forty-one percent of respondents said they store data on-premises, 43 percent use public clouds, 53 percent use a private cloud, and 44 percent have chosen a hybrid model (some respondents use more than one option).
  • Despite this, 49 percent of respondents trust their data to legacy backup and recovery technology developed before 2010. Nearly 100 respondents (94 out of 2.011 total) admitted their environment was designed before the turn of the millennium.

“In 2022, the fact that there are companies still protecting their data with technology from the 1990s is quite frightening. Because their data can be compromised, exfiltrated or hijacked and trigger massive compliance problems for these companies,” says Spanswick. “In this survey, we found nearly 100 respondents who said their organizations rely on such antiquated data infrastructures from the 1990s. That begs the question of how many other companies around the world are in the same situation.”

What drives IT and SecOps teams

🔎 Survey: What focus when it comes to backup (Image: Cohesity).

Respondents identified what they believe are the biggest obstacles to getting their business up and running again after a successful ransomware attack. The results are as follows (respondents were asked to tick all applicable items):

  • lack of integration between IT and security systems (41 percent)
  • lack of coordination between IT and security (38 percent)
  • Lack of an automated disaster recovery system (34 percent)
  • outdated backup and recovery systems (32 percent)
  • Lack of a current, clean, immutable copy of the data (32 percent)
  • Lack of detailed and timely alerts (31 percent)

What priorities should management set?

Many respondents see the modernization of their data management, security and recovery functions as well as improved cooperation between IT and SecOps as good approaches to strengthen their security structure in the multicloud operations of their companies. The top five actions respondents would want company leaders to take in 2022 are:

  • Greater integration between modern data management and security platforms and AI-powered alerts on abnormal data access to provide early warning of attacks (34 percent)
  • Extensible platform including third-party applications for security operations and incident response (33 percent)
  • Automated disaster recovery of systems and data (33 percent)
  • Upgrading from legacy backup and recovery systems (32 percent)
  • Fast, enterprise-wide data backup with data-in-transit encryption (30 percent)

“Both IT decision makers and SecOps should share ownership of cyber resilience outcomes. This includes an assessment of all infrastructure used in accordance with the NIST framework for data identification, protection, detection, response and recovery. Also, both teams need to have a thorough understanding of the potential attack surface,” Spanswick said. “Next-gen data management platforms can bridge the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay ahead of attackers, who today often exfiltrate data from legacy systems that then don't more can be recovered.”

More at Cohesity.com

 


About Cohesity

Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data - across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.


 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more