Cyberstorage gained more attention in the media in 2021 with the rise in data storage hacks, ransomware attacks, and cases of immutable storage being erased. As these types of attacks increase, the “business value” of data continues to grow. That’s probably one of the main reasons why attacks on data are still the greatest cybersecurity threat to organizations.
Another is that hackers realize that most organizations’ storage and backup systems are still at risk. Here at Continuity, we ran surveys last year that showed that on average, enterprise storage devices have 16 security misconfigurations – three of which are critical. That means we still have a lot of work to do educating organizations on the risks to their storage and backup systems.
Keeping this in mind, I wanted to share a few of my predictions for 2022:
2021 demonstrated that organizations are still failing to keep up with the ability of cybercriminal groups to innovate and adapt to new technology. That means that in 2022 we can expect to see more attacks – especially ransomware – as well as a sharp increase in the average cost per incident.
In addition to ransomware, supply-chain attacks can damage much more than a single organization. These types of attacks involve compromising an organization’s code to infiltrate its customers, employees, and partners. They can also execute record-level manipulation that could be used to exfiltrate funds or impact the medical treatment patients receive. That’s why supply chain attacks can quickly impact entire industries and economies.
Cybercriminal groups will also expand the scope of their attacks. Modern criminal groups will target not only endpoints and servers, but also central storage systems and their backup infrastructure.
By successfully infiltrating these new targets, they can:
Organizations have many misconceptions about the security of their storage systems and backups, which leave them susceptible to compromise.
First, they believe that their storage systems are too obscure and too embedded in their datacenter to be penetrated from the outside. Unfortunately, storage systems are one of the weakest links and are easy for hackers to access.
Second, they still believe that backups provide bulletproof recovery, but backup environments are more complex than most security executives realize. Most data recovery relies on multiple tiers that offer different layers of protection, each with its own recovery speed (which is another issue with backups).
Finally, organizations also believe that existing risk detection and mitigation strategies are sufficient to detect sophisticated attacks on storage and backups that tamper with the backup process itself. This is a dangerous misconception because if these systems are not reinforced, isolated, and secured properly – even the most advanced backup systems can be bypassed.
For these reasons, we shouldn’t be surprised if in 2022:
Organizations report that they are now starting to pay much more attention to their storage and backup security than ever before. In a recent study we conducted among CISOs from 200 financial services around the globe, more than two-thirds confirmed that auditors were recently hired to review their storage and backup systems.
We’re expecting to see much stricter national and international guidance to organizations to tighten their data protection solutions and to avoid negotiating with criminals.
Organizations will start to understand the need to secure their storage and backup environments more systematically. In other words, organizations will require better auditing, testing, and mapping of their storage and backup assets, as well as the ability to better assess the sensitivity and importance of their data and to define the requirements for data protection.
Gartner and NIST have made the following recommendations which I believe will start to be implemented more in the coming year:
So that wraps up our predictions for 2022. As we approach the start of a new year, it will definitely be interesting to see how these predictions unfold. In the meantime, there are actions your organization can take to reduce the risk of attacks on its data storage and backup systems. For example, you can start by assessing your storage and backup cyber resilience. You’ll get a maturity score to measure your data storage and backup security, and receive practical recommendations to help you build an operational plan for 2022.