HYCU researchers are reporting 65% of respondents lack full confidence in their legacy backup solutions (HYCU’s in the multi-cloud backup-as-a-service biz). Excerpts
According to the report, 65% of surveyed enterprise organizations are increasing spending on detection, prevention and recovery, and respondents are beginning to understand that air-gapped or immutable backups are the only ways to ensure that the backups themselves don’t fall prey to encryption worms when ransomware hits.
Key findings include:
● 52% of ransomware victims suffered data loss
● 63% of victims suffered an operational disruption
● Just 41% air gap their backups
● Just 47% routinely test their backups
● Only 35% of respondents believe their current backup and recovery tools are sufficient
The cloud is often hailed as the “infrastructure of the future”, and with numerous organizations, businesses, government agencies, and individuals switching to the cloud for their storage needs, securing this asset has become a top priority. The pros of cloud-based backups have been profusely discussed by security experts and implemented by most major organizations. A cloud backup stores vast amounts of data in off-site centers for the likelihood that if something should happen to the main office (perhaps a natural disaster), access to data and other important business operations will still be available for the organization to pursue. However, just like a company’s main infrastructure, several vulnerabilities wait to be exploited in these crucial backup systems.
One of them is interception attacks, in which an attacker can intercept data as it is in transit to being backed up to the data center. If data is unencrypted or established without specific access rules, it is particularly easy for attackers to hit their in-transit targets with ransomware. Organizations must learn to invest highly in immutable storage (protecting data in unmodified, unchangeable formats) to prevent ransomware and any other types of in-transit attacks from occurring.
While many customers of the cloud believe that protecting their data is the responsibility of the cloud provider (the big three being Amazon, Google, Microsoft), this is not always the case. Users have a personal responsibility to ensure that the data they are backing up on the cloud also has additional precautions of their own measure. This could include the user protecting their files with passwords, backing up their data on a personal hard drive (keeping off-site copies), being aware of how often backups should occur, and, of course, implementing multi-factor authentication, (etc.).