Legacy Technology is Undermining How Business Responds To Ransomware

Uploaded on 2022-10-14 in TECHNOLOGY--Resilience, FREE TO VIEW

New research commissioned by the data management firm Cohesity reveals that 50% of respondents in the UK say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. 

In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing organisations globally. 

Security challenges related to outdated infrastructure are compounded by the fact that many IT and security teams don’t seem to have a plan ready in place to implement when a cyber attack occurs. 

More than 62% respondents in the UK expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack. “IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset, their data,” said Brian Spanswick, chief information security officer at Cohesity. “Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.”

Backup & Recovery Infrastructure Can Often Be Archaic 

Enterprises are using outdated technology even though managing and securing data environments has become much more complex, not just because of the exponential growth in structured and unstructured data, but because of the vast array of locations where that data is stored. 

  • Fifty percent (49.4%) of respondents in the UK said that their organisation relies on primary backup and recovery infrastructure that was designed in, or before, 2010. Among that group, 27 percent claim to use technology that was either designed between 2000-2005, or in fact, before the new millennium in the 1990s.
  • In the UK, 38% percent of respondents stated that they store data on-premises, 39% rely on public cloud storage, 50% use a private cloud, and 41% have adopted a hybrid model (some respondents are using more than one option).

The fact that many organisations are using technology to manage their data that was designed in the 1990s is alarming, given that their data can be compromised, exfiltrated and held to ransom. Furthermore, there is a big consequential risk with regulatory and compliance issues.

What Keeps IT and SecOps Teams Up at Night  

Respondents in the UK highlighted what they believe would be their biggest barriers to getting their organisation back up and running after a successful ransomware attack. The key findings are as follows: 

  • Integration between IT and security systems (41%).
  • Lack of coordination between IT and Security (37%). 
  • Lack of an automated disaster recovery system (34%).
  • Lack of and timely detailed alerts (31%)
  • Antiquated backup and recovery systems (29%).
  • Lack of a recent, clean, immutable copy of data (24%).

“Both IT decision-makers and SecOps should co-own the cyber resilience outcomes, and this includes an evaluation of all infrastructure used in accordance with the NIST framework for data identification, protection, detection, response, and recovery. Also, both teams need to have a comprehensive understanding of the potential attack surface,” said Spanswick. 

These findings reinforce the importance of using next-generation data management platforms to close the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay one step ahead of bad actors, who take great delight in exfiltrating data from legacy systems that can’t be recovered.  

Cohesity

You Might Also Read: 

Why Companies Need A Next-Gen Approach To Business Continuity:

 

« Spell-Checking In Google Chrome & Microsoft Edge Browsers Leak Passwords
Making Cyber Attack Detection Easier With Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigiCert

DigiCert

DigiCert is the only provider of enterprise-grade SSL, IoT and PKI solutions. Our certificates are trusted everywhere, millions of times every day, by companies across the globe.

Suprema

Suprema

Suprema is a leading global provider of access control and biometrics solutions.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Herbert Smith Freehills

Herbert Smith Freehills

Herbert Smith Freehills is a leading professional services including data protection and privacy.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Cervello

Cervello

Cervello is a leading provider of comprehensive and proven solutions to protect railways against cyber attacks.

Crosser

Crosser

The Crosser Platform enables real-time processing of streaming or batch data for Industrial IoT, Data Transformation, Analytics, Automation and Integration.

The Legal 500

The Legal 500

The Legal 500 Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. Practice areas covered include Data Protection, Privacy and Cybersecurity.

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.