Most IT Shops Have Latent Cyberthreats in Their Backups

Traditional solutions aren’t stopping cyberthreats from compromising critical network systems

It’s alarming but true: Your organization is under assault. Cybercriminals have their sights set on your IT systems, and no matter what steps you take to protect them, they keep coming up with new ways to strike. The attacks that companies report from malware, ransomware, phishing, malicious email and data extraction continue to multiply at a scary rate each year. The actual scope is likely much higher when considering all of the incidents that go unreported.

Though the most-publicized incidents involve big-name enterprises, midsized and smaller companies are constant targets. For example, close to 55% of small and midsized companies participating in a recent Ponemon Institute study said they were attacked by ransomware in a single year, sometimes repeatedly.

Threats from the outside world aren’t the only risk. Internal dangers exist as well. Some of the “bad guys” may also happen to be on your payroll, and those malicious or disgruntled employees know just how to penetrate or bypass your defenses.

Clearly, vulnerabilities and the complexity of these threats will continue to climb, while IT budgets and staff shrink. To stay ahead of cyberattacks, companies must adopt new approaches.

Traditional Defenses are Not Enough

Most organizations depend on firewalls and antivirus solutions to ward off attacks, and those tools do avert countless disasters—but not all of them. Nearly 70% of small and midsized businesses surveyed for the Ponemon study reported a cyberattack that evaded their intrusion detection systems, and more than 80% said malware slipped past their antivirus software.

When threats make it past those defenses, IT trusts that their backups and disaster recovery systems will save the day—but cyberattacks in production that aren’t resolved quickly will likely propagate into your backups. Depending on the frequency of restore points taken, you will inevitably suffer some compromise and/or reinfection when using the latest backup.

Pinpointing the timing of attacks is a big challenge. A 2018 benchmark study sponsored by IBM revealed the mean time to identify a data breach incident was 197 days, and it took another 69 days to contain it! This entire time, cyberthreats are contaminating backups and threatening your ability to restore operations. Breaches often cascade across corporate networks and compromise a range of systems and databases, further complicating recovery. With the growing sophistication of malware, it can take enormous manual effort to test all system components and determine if any of your backups are safe. No IT shop has the time and resources for that.

Larger organizations have the resources to implement security information and event management (SIEM) solutions, which collect vast amounts of data from endpoints. Arrays of sensors can be integrated to provide rich security data for many types of cyber-analytics. But big data platforms are complex to deploy and manage, and even advanced IT shops can’t keep up with the sheer volume of flags and false positives. Unfortunately, hidden in the sea of alerts are cyberthreats that go undetected.

Regardless of whether a company has advanced cybersecurity tools and specialized personnel, the fact remains that traditional solutions aren’t stopping threats from compromising critical network systems. While backup and disaster recovery (DR) systems are considered to be the safety net, today’s cyberattacks are smart enough to pose significant risk to data protection systems.

Automation is the Answer

To be truly effective, backup and disaster recovery systems need to be managed as critical infrastructure. Backups must be tested and analyzed in a much more systematic and sophisticated manner than is typical today. However, without next-generation tools, the task is too demanding for overextended IT teams who have many other responsibilities.

Next-generation cybersecurity automation and analytics for data protection systems can guide organizations to hidden security problems in their backup and DR repositories that need immediate remediation. For example, with the latest automation, backup data sets can be efficiently analyzed for a wide range of cyberthreats, including latent compromises, and the results can be prioritized by severity across the entire data protection environment. IT teams can identify and counteract hidden anomalies or malicious threats that may have been lurking undetected, and detailed remediation instructions provide the path to fix the problems at the source.

Because backup data is offline, every restore point can be tested automatically and the analysis won’t impact production environments. Utilizing backup and replication data sets for cybersecurity purposes is a completely new approach to attaining a multi-layered security program at a price point that’s practical for all IT shops, not just those with enterprise security budgets.

Data transformation, security fingerprinting, machine learning, advanced analytics … all have found their way into new approaches that automatically analyze backup and replication data in near real-time. Attacks can also be pinpointed as they take place with threat intelligence feeds. Further, suspicious behavior and latent malware can be identified, accompanied by a risk profile and remediation options. As a result, problems can be resolved long before backups or replicas are needed to counter a disaster. These next-gen cyber tools will enable data protection systems to deliver the rapid recovery they are intended to provide.
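The following Python sketch is an added example, not code from the original article or from any vendor product the article describes. It shows the kind of offline restore-point analysis the preceding paragraphs talk about: each restore point's file inventory is hashed and matched against a threat-intelligence feed, findings are prioritized by severity across the whole backup chain, and the newest restore point with no findings is identified so recovery does not reintroduce the compromise. The threat feed, the file contents and the restore points are all constructed sample data; the hashes are derived from placeholder bytes and are not real indicators.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Hash file content the way a backup catalog might record it."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample "malicious" file contents. Hashing them gives us feed
# entries that match the sample restore points below; nothing here is a real IoC.
SAMPLE_DROPPER = b"constructed sample: dropper placeholder"
SAMPLE_PERSISTENCE = b"constructed sample: persistence script placeholder"

# Constructed threat-intelligence feed: sha256 -> (indicator name, severity).
THREAT_FEED = {
    sha256_hex(SAMPLE_DROPPER): ("constructed-dropper", "critical"),
    sha256_hex(SAMPLE_PERSISTENCE): ("constructed-persistence", "high"),
}

SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}


@dataclass
class RestorePoint:
    label: str
    files: dict  # path -> file content bytes (stands in for the backup's data)


@dataclass
class Finding:
    restore_point: str
    path: str
    indicator: str
    severity: str


def scan_restore_point(rp: RestorePoint) -> list:
    """Match every file in one restore point against the threat feed.

    Because this runs against backup data, production systems are untouched.
    """
    findings = []
    for path, content in rp.files.items():
        hit = THREAT_FEED.get(sha256_hex(content))
        if hit:
            name, severity = hit
            findings.append(Finding(rp.label, path, name, severity))
    return findings


def scan_chain(restore_points: list) -> list:
    """Scan a whole backup chain and order findings by severity, then age."""
    findings = [f for rp in restore_points for f in scan_restore_point(rp)]
    findings.sort(key=lambda f: (-SEVERITY_RANK[f.severity], f.restore_point, f.path))
    return findings


def last_clean_restore_point(restore_points: list, findings: list):
    """Return the label of the newest restore point with no findings, or None.

    restore_points must be ordered oldest to newest. This is the restore point
    a recovery should start from; anything newer carries the compromise.
    """
    dirty = {f.restore_point for f in findings}
    for rp in reversed(restore_points):
        if rp.label not in dirty:
            return rp.label
    return None


def build_sample_chain() -> list:
    """Constructed backup chain: clean on day 1, then the compromise propagates."""
    base = {"/etc/app.conf": b"port=8080\n", "/opt/app/bin": b"legit binary bytes"}
    day1 = RestorePoint("2024-01-01", dict(base))
    day2 = RestorePoint("2024-01-02", {**base, "/tmp/update.bin": SAMPLE_DROPPER})
    day3 = RestorePoint(
        "2024-01-03",
        {**base, "/tmp/update.bin": SAMPLE_DROPPER, "/etc/cron.d/task": SAMPLE_PERSISTENCE},
    )
    return [day1, day2, day3]


def run_analysis(restore_points: list):
    """Scan the chain and report the safe recovery point plus prioritized findings."""
    findings = scan_chain(restore_points)
    return last_clean_restore_point(restore_points, findings), findings


if __name__ == "__main__":
    clean, found = run_analysis(build_sample_chain())
    for f in found:
        print(f"[{f.severity}] {f.restore_point} {f.path} -> {f.indicator}")
    print("newest clean restore point:", clean)
```

Hash matching only catches indicators already in the feed, which is why the article pairs it with behavioral analytics and fingerprinting for compromises that have no known signature yet. The useful output is not just the list of hits but the boundary between the last clean restore point and the first compromised one: that boundary bounds the dwell time and tells the recovery team which restore point to use.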

Backup files and their metadata contain context-rich cybersecurity data that can enable an organization to heighten security without undue manual effort. Given that, it’s only a matter of time before intelligent, fully automated tools that utilize granular backup and replication data become standard for detecting compromises and irregularities that jeopardize fast recovery.

Cyber Call to Action: It Can’t Wait

With constrained IT budgets and shrinking IT teams, organizations—especially small and midsized companies—will have limited resources to spot, triage and remediate the range of new cybersecurity threats unless new technology is applied. Correlating threat intelligence feeds and backup data utilizing automation and innovation is the only practical way to tackle the continuous cybersecurity problem with limited, if any, increases to IT resources.

Industry trends underscore the urgent need for more innovative approaches to cyberthreat detection and remediation, including data protection systems. With this in mind, forward-looking IT shops should begin turning to the backup and replication data sets already being captured to create a more robust, cost-effective cybersecurity strategy to protect critical business operations and effectively respond to the sophisticated threats now affecting virtually every company, every day.

Lynn LeBlanc


Lynn LeBlanc is CEO and founder of HotLink Corporation. She has nearly 30 years of enterprise software and technology experience at both Fortune 500 companies and Silicon Valley start-ups. Prior to founding HotLink, Lynn was founder and CEO of FastScale Technology, an enterprise software company acquired by VMware, Inc.
