Legacy Technology is Undermining How Business Responds To Ransomware

New research commissioned by the data management firm Cohesity reveals that 50% of respondents in the UK say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. 

In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing organisations globally. 

Security challenges related to outdated infrastructure are compounded by the fact that many IT and security teams don’t seem to have a plan ready in place to implement when a cyber attack occurs. 

More than 62% respondents in the UK expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack. “IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset, their data,” said Brian Spanswick, chief information security officer at Cohesity. “Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.”

Backup & Recovery Infrastructure Can Often Be Archaic 

Enterprises are using outdated technology even though managing and securing data environments has become much more complex, not just because of the exponential growth in structured and unstructured data, but because of the vast array of locations where that data is stored. 

  • Fifty percent (49.4%) of respondents in the UK said that their organisation relies on primary backup and recovery infrastructure that was designed in, or before, 2010. Among that group, 27 percent claim to use technology that was either designed between 2000-2005, or in fact, before the new millennium in the 1990s.
  • In the UK, 38% percent of respondents stated that they store data on-premises, 39% rely on public cloud storage, 50% use a private cloud, and 41% have adopted a hybrid model (some respondents are using more than one option).

The fact that many organisations are using technology to manage their data that was designed in the 1990s is alarming, given that their data can be compromised, exfiltrated and held to ransom. Furthermore, there is a big consequential risk with regulatory and compliance issues.

What Keeps IT and SecOps Teams Up at Night  

Respondents in the UK highlighted what they believe would be their biggest barriers to getting their organisation back up and running after a successful ransomware attack. The key findings are as follows: 

  • Integration between IT and security systems (41%).
  • Lack of coordination between IT and Security (37%). 
  • Lack of an automated disaster recovery system (34%).
  • Lack of and timely detailed alerts (31%)
  • Antiquated backup and recovery systems (29%).
  • Lack of a recent, clean, immutable copy of data (24%).

“Both IT decision-makers and SecOps should co-own the cyber resilience outcomes, and this includes an evaluation of all infrastructure used in accordance with the NIST framework for data identification, protection, detection, response, and recovery. Also, both teams need to have a comprehensive understanding of the potential attack surface,” said Spanswick. 

These findings reinforce the importance of using next-generation data management platforms to close the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay one step ahead of bad actors, who take great delight in exfiltrating data from legacy systems that can’t be recovered.  

Cohesity

You Might Also Read: 

Why Companies Need A Next-Gen Approach To Business Continuity:

 

« Spell-Checking In Google Chrome & Microsoft Edge Browsers Leak Passwords
Making Cyber Attack Detection Easier With Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) is a service of DeIC (Danish e-Infrastructure Cooperation).

Cyber Threat Intelligence Network (CTIN)

Cyber Threat Intelligence Network (CTIN)

CTIN provides cyber threat intelligence services including training, platform evaluation, ISAC/ISAO systems development and counter botnet operations.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

Aiuken Cybersecurity

Aiuken Cybersecurity

Aiuken is an international IT Security company, focused on communications and IT technologies, specialised in Security and Cloud Services solutions with high added value.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

EDGE Group

EDGE Group

EDGE is one of the world’s leading advanced technology groups, established to develop agile, bold and disruptive solutions for defence and beyond.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.