Intelligent CIO North America Issue 24 - Page 84

Remediation starts with immutability
Respondents to the survey confirmed that 94 % of attackers attempted to destroy backup repositories and in 72 % of cases this strategy was at least partially successful . This removal of an organization ’ s recovery lifeline is a popular attack strategy as it increases the likelihood that victims would have no other choice than to pay the ransom . that the organization will never pay the ransom , but do everything in its power to prevent , remediate and recover from attacks ,” added Allan .
The only way to protect against this scenario is to have at least one immutable or air-gapped tier within the data protection framework – which 95 % of those we surveyed stated they now have . In fact , many organizations reported having some level of immutability or air-gap media in more than one tier of their disk , cloud and tape strategy .
Other key findings from the Veeam 2022 Ransomware Trends Report include :
“ Despite the pervasive and inevitable threat of ransomware , the narrative that businesses are helpless
in the face of it is not an accurate one . Educate employees and ensure they practice impeccable digital hygiene ; regularly conduct rigorous tests of your data protection solutions and protocols ; and create detailed Business Continuity plans that prepare key stakeholders for worst-case scenarios .”
Prevention requires diligence from both IT and users
The ‘ attack surface ’ for criminals is diverse . Cybervillains most often first gained access to production environments through errant users clicking malicious links , visiting unsecure websites or engaging with phishing emails – again exposing the avoidable nature of many incidents .
After having successfully gained access to the environment , there was very little difference in the infection rates between data center servers , remote office platforms and cloud-hosted servers .
In most cases , the intruders took advantage of known vulnerabilities , including common operating systems and hypervisors , as well as NAS platforms and database servers , leaving no stone unturned and exploiting any unpatched or outdated software that they can find .
It is notable that significantly higher infection rates were reported by security professionals and backup administrators , compared with IT operations or CISOs , implying that ‘ those closer to the problem see even more of the issues .’
• Orchestration matters : To proactively ensure recoverability of their systems , one in six ( 16 %) IT teams automate the validation and recoverability of their backups to ensure their servers are restorable . Then , during remediation of a ransomware attack , 46 % of respondents use an isolated ‘ sandbox ’ or staging / test area to ensure their restored data is clean prior to reintroducing the systems into production .
• Organization alignment must unify : 81 % believe their organizations ’ cyber and Business Continuity / Disaster Recovery strategies are aligned . However , 52 % of respondents believe the interactions between these teams requires improvement .
• Diversifying the repositories holds the key : Nearly all ( 95 %) organizations have at least one immutable or air-gapped data protection tier , 74 % use cloud repositories that offer immutability ; 67 % use on-premises disk repositories with immutability or locking ; and 22 % use tape that is air-gapped . Immutable or not , organizations noted that in addition to disk repositories , 45 % of production data is still stored on tape and 62 % goes into a cloud at some point in their data lifecycle .
Claude Schuck , Regional Director , Middle East at Veeam , said : “ The Middle East is certainly not immune to cyberattacks . The opposite is in fact true . Our region is heavily target by sophisticated hackers . Organizations are beginning to realize that ransomware attacks are in fact the same as a fullscale Disaster Recovery scenario .
“ This has helped them better plan and utilize features which Veeam provides like immutability of backups , ensuring a guaranteed recovery point .” p
84 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com