As the need for multi-cloud adoption has increased with remote working, businesses have become more vulnerable to ransomware attacks.
Ransomware attacks are malicious attacks on vulnerable IT systems that attempt to prevent organisations from accessing their data. Attackers can then ask the organisation for a ransom in order to return access to the data.
In Australia, 45 per cent of businesses have experienced a ransomware attack.
“There’s been a greater increase in the use of cloud and cloud offerings, which means more IT complexity. The underlying challenge is complexity. Coupled with organisations not getting access to data centres because of COVID-19, we see attacks increasing,” said Howard Fyffe, Managing Director at Veritas Technologies.
However, organisations are not keeping pace with the security updates required for expanding cloud architecture.
A September 2020 Global Ransomware Resiliency Report from Veritas found that only slightly more than a third of companies had three or more copies of their data, including one copy off-site, separate from their data centre.
Moreover, less than half of companies had tested their disaster recovery plan in the past two months.
The report received responses from 150 senior IT executives at companies of 1000 or more employees around the world.
“Many organisations needed to empower remote working across a wider portfolio of applications than ever before and, with limited access to their on-premise IT infrastructure, turned to cloud deployments to meet their needs,” said Mr Fyffe.
“We’re seeing a lag between the rapid expansion of the threat surface that comes with increased multi-cloud adoption, and the deployment of data protection solutions needed to secure them.”
The level of security that your business needs depends upon it resiliency profile.
Each business will have a recovery time objective, which measures how long you can go without your data, and a recovery point objective, whether you can afford to lose your data.
Whilst some businesses could withstand quick data outages, this could be fatal to other businesses.
“Think about big enterprises or logistics that deliver food. They can’t wait for backup,” said Mr Fyffe.
“The Australian Cyber Security Centre has laid out their Essential Eight baseline strategies to protect against Cyber Security Threats. Number Eight calls out the need for daily backup of all workloads.”
However, businesses must distinguish between backing up and replicating data.
“Many organisations don’t realise that their emails aren’t actually backed up. When emails are moved to the cloud, the cloud provider is replicating it but isn’t backing it up,” said Mr Fyffe.
“For less than a cup of coffee a month, you can have your data protected and also unlimited support. What you’re paying for is to get the data back.”
In addition, companies must store data in multiple locations.
“Data should be available in multiple clouds, on and off premise, and so if you lose one cloud there are other different ones that can provide intelligence,” said Mr Fyffe.
Even if your business has been running smoothly, constant tests and training are essential to good cyber security.
“A lot of people don’t test until they have a problem. It’s important to check on your ability to restore data in a required timeframe once in a while.”