Five Reasons Why Storage and Backup are Cybersecurity’s Weakest Links

A lot of money is being spent to proof up the enterprise against intrusion. Ransomware protection is currently in the spotlight – and with good reason. But organizations are also investing heavily in technologies such as Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE), Next Generation Firewalls, and AI-based threat detection tools. These defenses clearly add value. Yet they may fail to prevent attacks due to the abundance of security holes in storage and backup systems that are being actively exploited by cybercriminals.

Here are five reasons why storage and backup are cybersecurity’s weakest links, and why organizations need to prioritize the security of these systems to thwart ransomware and prevent attacks:

1. Complacency About Storage and Backup Security

It is a popular misconception that storage and backup systems such as those offered by Dell EMC, NetApp, or Cohesity are buried too deep in the enterprise for the bad guys to reach. This is simply not the case.

In incident after incident, criminals have gained administrative privileges and managed to find their way into storage systems or have been able to cripple backup systems. From there, they have no trouble compromising sensitive information, exfiltrating data directly off the backup targets (thereby completely evading Data Loss Prevention tools), and holding the organization to ransom.

Despite abundant press about the consequences of such breaches and the obvious holes that exist in storage and backup systems, the misconception persists. Part of the reason may be the knowledge gap. Many security professionals lack understanding of storage and backup, while storage and backup managers often have insufficient understanding of security principles.

Whatever the reason, storage and backup systems remain among the most poorly protected in the enterprise.

2. Perimeter Obsession

The security picture today could be likened to a home where the owners build a huge fence, install cameras, alarms, and sensors at the front but leave a bathroom window open. Thieves can then come in via a neighbor’s yard, enter via the bathroom and take what they want. Despite the owners spending a fortune to keep criminals out, the bad guys were able to slip in and out with ease. The homeowner’s obsession with incursions from the street led them to miss an obvious point of weakness.

It is the same in storage and backup. When cybercriminals find data protected all along the perimeter with an array of security tools, they look for an easier way in.

Storage and backup vulnerabilities and security misconfigurations are becoming the go-to tactic to exfiltrate data and compromise the ability of an organization to recover from an attack.

3. Storage and Backup Misconfigurations are Rife

A 2021 study of over 400 high-end storage devices detected more than 6,000 discrete storage vulnerabilities, backup misconfigurations, and other security issues among storage and backup systems.

At the device level, the average enterprise storage device has around 15 security vulnerabilities with at least three meriting a high or critical risk rating.

This is evidence that storage and backup systems have a significantly weaker security posture than the compute and network infrastructure layers – and the bad guys know it.

4. Vulnerability scanning Tools Miss Obvious Storage and Backup Vulnerabilities

There are a great many patch management and vulnerability management tools out there. They continually inventory and scan networks and systems for potential issues. They do a fine job with operating systems (OSes) and enterprise applications. However, they often miss Common Vulnerability and Exposures (CVEs) related to storage and backup.

Perhaps this is due to the complacency factor mentioned earlier. There are currently thousands of active CVEs out there that related to storage and backup. Some of them can be used to exfiltrate files, initiate denial-of-service attacks, take ownership of files, and block devices, and delete data. Overall, about 20% of storage devices are exposed on average and can be attacked successfully by ransomware.

5. Storage Security Features Not Implemented

Enterprise storage systems are increasingly offering ransomware detection and come with many other prevention capabilities. Some include the capability to lock retained copies, protect critical data from tampering and deletion, or air gap data. However, in breach after breach, such features were found to either not be implemented or were misconfigured, leaving the organization exposed to the threat of ransomware.

How to Harden Storage and Backup Security

When malware gains entry, storage and backup systems are the last line of defense. They need to be fully secured to protect data and ensure recoverability.

Continuity’s StorageGuard ensures that storage and backup systems will not be the weakest link in cybersecurity. It provides a comprehensive approach to the scanning of data storage, storage management, and backup systems to detect and remediate vulnerabilities and security misconfigurations.

NIST Special Publication on Securing Storage

The guide – co-authored by Continuity’s CTO – provides an overview of the evolution of storage technology, recent security threats, and the risks they pose.