Legacy Technology is Undermining How Business Responds To Ransomware

New research commissioned by the data management firm Cohesity reveals that 50% of respondents in the UK say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. 

In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing organisations globally. 

Security challenges related to outdated infrastructure are compounded by the fact that many IT and security teams don’t seem to have a plan ready in place to implement when a cyber attack occurs. 

More than 62% respondents in the UK expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack. “IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset, their data,” said Brian Spanswick, chief information security officer at Cohesity. “Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.”

Backup & Recovery Infrastructure Can Often Be Archaic 

Enterprises are using outdated technology even though managing and securing data environments has become much more complex, not just because of the exponential growth in structured and unstructured data, but because of the vast array of locations where that data is stored. 

  • Fifty percent (49.4%) of respondents in the UK said that their organisation relies on primary backup and recovery infrastructure that was designed in, or before, 2010. Among that group, 27 percent claim to use technology that was either designed between 2000-2005, or in fact, before the new millennium in the 1990s.
  • In the UK, 38% percent of respondents stated that they store data on-premises, 39% rely on public cloud storage, 50% use a private cloud, and 41% have adopted a hybrid model (some respondents are using more than one option).

The fact that many organisations are using technology to manage their data that was designed in the 1990s is alarming, given that their data can be compromised, exfiltrated and held to ransom. Furthermore, there is a big consequential risk with regulatory and compliance issues.

What Keeps IT and SecOps Teams Up at Night  

Respondents in the UK highlighted what they believe would be their biggest barriers to getting their organisation back up and running after a successful ransomware attack. The key findings are as follows: 

  • Integration between IT and security systems (41%).
  • Lack of coordination between IT and Security (37%). 
  • Lack of an automated disaster recovery system (34%).
  • Lack of and timely detailed alerts (31%)
  • Antiquated backup and recovery systems (29%).
  • Lack of a recent, clean, immutable copy of data (24%).

“Both IT decision-makers and SecOps should co-own the cyber resilience outcomes, and this includes an evaluation of all infrastructure used in accordance with the NIST framework for data identification, protection, detection, response, and recovery. Also, both teams need to have a comprehensive understanding of the potential attack surface,” said Spanswick. 

These findings reinforce the importance of using next-generation data management platforms to close the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay one step ahead of bad actors, who take great delight in exfiltrating data from legacy systems that can’t be recovered.  

Cohesity

You Might Also Read: 

Why Companies Need A Next-Gen Approach To Business Continuity:

 

« Spell-Checking In Google Chrome & Microsoft Edge Browsers Leak Passwords
Making Cyber Attack Detection Easier With Artificial Intelligence »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

CSL Group

CSL Group

CSL solutions provide complete end-to-end connectivity services for Security, Fire, Telecare and other mission critical M2M/IoT applications.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

VIBE Cybersecurity International

VIBE Cybersecurity International

VIBE’s certificate-less authenticated encryption enables scalable, flexible key exchange, and other advanced cryptographic functions using identity-based elliptic curve cryptosystems (ECC).

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

Varutra Consulting

Varutra Consulting

Varutra Consulting is an Cyber Security Consulting, Solutions and Training services firm, providing specialized security services for software, mobile and network.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.

IDCARE

IDCARE

IDCARE is Australia and New Zealand’s national identity & cyber support service. Our service is the only one of its type in the world.