How secure are your data backups systems ?
Just because organisations have backup systems in place does not always mean their data is fully protected in the wake of a loss-causing event says Dr Johannes at SANS Technology Institute .
It is no secret that backup systems are critical to preserving sensitive data files from ransomware , theft , sabotage , and accidental loss . However , it is important to remember that merely leveraging backups is not the end-all-be-all solution to a challenge riddled with complexity . Just because organisations have backup systems in place does not always mean their data is fully protected in the wake of a loss-causing event . And amid sharp rises in the volume and velocity of attacks , the consequences of poor data backups are too severe to overlook .
For example , IBM ’ s 2022 Cost of a Data
Breach Report found :
• Globally , the average total cost of a data breach increased by 13 % YoY to a recordhigh $ 4.3 million in losses .
• The average duration of identifying and containing a data breach lasted more than 275 days , equivalent to over nine months of downtime .
As attackers have grown more skilled and sophisticated , they are now leveraging hard-to-detect tactics , techniques , and procedures that capitalise on backup system vulnerabilities to either steal data or disrupt recovery operations .
Dr Johannes , Dean of Research , SANS Technology Institute
Remote access backups , for instance , are often reliant on password protections . Due to poor password hygiene or the absence of two-factor authentication , these backup systems can be easy targets for threat actors to utilise as attack vectors against protected systems .
When exploited , backup software vulnerabilities can also compound into giving attackers direct access to live system environments . Take the CVE-2022-36537 vulnerability that was publicised in early 2023 for example . Threat actors used it to access additional servers that were backed up on the same system , essentially surfing backward into live environments to exfiltrate data and distribute malware .
That very same scenario is impacting organisations of all sizes or sectors , heightening the criticality of effectively implementing safe and secure backup system storage to maximise protection and agility . Organisations should consider data assets at risk if they are not backed up in at least three different locations . It does not help to have three copies of data using the same cloud provider , even if the data is in
38 www . intelligenttechchannels . com