ANZ organisations using antiquated backup and recovery systems

Many organisations in Australia and New Zealand (ANZ) are still relying on outdated backup and recovery systems to protect their data from ransomware, according to research commissioned by data management specialist Cohesity.

The survey of more than 500 IT and security decision makers at businesses in ANZ was conducted for Cohesity by Censuswide.

A surprising 46% of respondents said their organisation relies on primary backup and recovery infrastructure that was designed in 2010 or earlier. About 20% were still using backup systems designed between 2000 and 2005, and 4% admitted continuing to rely on 1990s technology.

These old backup and recovery systems are unlikely to handle the challenges of operating a multicloud or hybrid environment (42% of respondents store data on-premises, 43% in public clouds, 54% in a private cloud, and 40% use a hybrid model), or to take advantage of the facilities provided by such environments to enhance data protection.

In addition, the massive growth in the volume of structured and unstructured data generated and stored by organisations over the intervening years can present issues for outdated backup systems.

Nor were such systems designed to handle the threats posed by today’s cyber attacks, especially those involving ransomware.

Compounding the problem is a lack of confidence in organisations’ ability to react to attacks, with 63% of respondents in ANZ expressing some level of concern that their IT and security teams would be able to mobilise efficiently to respond to an attack.

“IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset – their data,” said Michael Alp, managing director for Australia and New Zealand at Cohesity.

“Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.”

Alp, who took up his current role in June 2022, noted that the challenge for many organisations is that “their data environment stretches across multiple places, whether it is in datacentres, cloud – public or private – and at the edge.

“As a result, they struggle to have comprehensive visibility of their data, which leads to compliance risks and undermines their security posture,” he said.

Regarding the continued use of “archaic” backup technology in today’s far more complex environments, Alp said the fact that any organisation is still using technology that was designed in the 1990s to manage their data is frightening, given that data can be compromised, exfiltrated and held hostage, creating massive compliance issues for organisations.

“With 5% of respondents saying their organisation relies on outdated data infrastructure, or does not have backup and recovery infrastructure at all, it raises the question as to how many other businesses are in the same situation?”

The survey also looked at the perceived barriers to getting an organisation back up and running after a successful ransomware attack.

A third of respondents mentioned antiquated backup and recovery systems, but the most common concern was integration between IT and security systems (37%).

That was followed by the lack of coordination between IT and security (35%), and the lack of an automated disaster recovery system (33%). Also mentioned were the lack of a recent, clean, immutable copy of data (33%), and a lack of and timely detailed alerts (31%).

Alp said: “Both IT decision-makers and SecOps should co-own the cyber resilience outcomes, and this includes an evaluation of all infrastructure used in accordance with the US National Institute of Standards and Technology (NIST) framework for data identification, protection, detection, response, and recovery. Also, both teams need to have a comprehensive understanding of the potential attack surface.

“Next-generation data management platforms can close the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay one step ahead of bad actors who take great delight in exfiltrating data from legacy systems that can’t be recovered.”