Legacy Technology is Undermining How Business Responds To Ransomware

New research commissioned by the data management firm Cohesity reveals that 50% of respondents in the UK say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. 

In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing organisations globally. 

Security challenges related to outdated infrastructure are compounded by the fact that many IT and security teams don’t seem to have a plan ready in place to implement when a cyber attack occurs. 

More than 62% respondents in the UK expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack. “IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset, their data,” said Brian Spanswick, chief information security officer at Cohesity. “Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.”

Backup & Recovery Infrastructure Can Often Be Archaic 

Enterprises are using outdated technology even though managing and securing data environments has become much more complex, not just because of the exponential growth in structured and unstructured data, but because of the vast array of locations where that data is stored. 

  • Fifty percent (49.4%) of respondents in the UK said that their organisation relies on primary backup and recovery infrastructure that was designed in, or before, 2010. Among that group, 27 percent claim to use technology that was either designed between 2000-2005, or in fact, before the new millennium in the 1990s.
  • In the UK, 38% percent of respondents stated that they store data on-premises, 39% rely on public cloud storage, 50% use a private cloud, and 41% have adopted a hybrid model (some respondents are using more than one option).

The fact that many organisations are using technology to manage their data that was designed in the 1990s is alarming, given that their data can be compromised, exfiltrated and held to ransom. Furthermore, there is a big consequential risk with regulatory and compliance issues.

What Keeps IT and SecOps Teams Up at Night  

Respondents in the UK highlighted what they believe would be their biggest barriers to getting their organisation back up and running after a successful ransomware attack. The key findings are as follows: 

  • Integration between IT and security systems (41%).
  • Lack of coordination between IT and Security (37%). 
  • Lack of an automated disaster recovery system (34%).
  • Lack of and timely detailed alerts (31%)
  • Antiquated backup and recovery systems (29%).
  • Lack of a recent, clean, immutable copy of data (24%).

“Both IT decision-makers and SecOps should co-own the cyber resilience outcomes, and this includes an evaluation of all infrastructure used in accordance with the NIST framework for data identification, protection, detection, response, and recovery. Also, both teams need to have a comprehensive understanding of the potential attack surface,” said Spanswick. 

These findings reinforce the importance of using next-generation data management platforms to close the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay one step ahead of bad actors, who take great delight in exfiltrating data from legacy systems that can’t be recovered.  

Cohesity

You Might Also Read: 

Why Companies Need A Next-Gen Approach To Business Continuity:

 

« Spell-Checking In Google Chrome & Microsoft Edge Browsers Leak Passwords
Making Cyber Attack Detection Easier With Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

DigitalPlatforms

DigitalPlatforms

DigitalPlatforms SpA is an Italian group with the mission of providing end-to-end solutions and Internet of Things and Cyber technologies to companies that manage critical infrastructures.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.

Virtual IT Group (VITG)

Virtual IT Group (VITG)

VITG is a cyber security-focused Managed Service Provider (MSP).