Home Digitaledge In Focus

72% of organisations have had attacks on their backup repositories

Felicia Tan
Felicia Tan5/19/2022 03:00 PM GMT+08  • 3 min read
72% of organisations have had attacks on their backup repositories
A third of those who paid the ransom were unable to recover their data, according to Veeam's study. Photo: Claudio Schwarz/ Unsplash
Font Resizer
Share to WhatsappShare to FacebookShare to LinkedInMore Share
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

A study conducted by Veeam – a backup, recovery and data management solutions provider – has found that 72% of organisations have had partial or complete attacks made against their backup repositories in 2021.

Titled Veeam 2022 Ransomware Trends Report, the study surveyed the views of 1,000 IT leaders whose organisations had been successfully attacked by ransomware at least once during the past 12 months.

Of the successful attacks made, 80% of the attackers were found to have targeted known vulnerabilities.

About 94% of the attackers tried to prevent victims from seeking their own means of recovery without paying the ransom by attempting to destroy organisations’ backup repositories. In 72% of cases, the strategy was found to have been partially successful.

The study also found that paying the ransom to attackers isn’t a surefire way to recover data. One out of three cyber-victims that paid the ransom were unable to recover their data.

See also: Putting consumer safety at the forefront of every retailer's agenda

On the bright side, 19% of victims did not pay the ransom as they were able to recover their own data. Being able to do so without being at the mercy of attackers is something organisations must aspire to.

“Paying cybercriminals to restore data is not a data protection strategy. There is no guarantee of recovering data, the risks of reputational damage and loss of customer confidence are high, and most importantly, this feeds a self-fulfilling prophecy that rewards criminal activity,” says Danny Allan, Veaam's chief technology officer.

“One of the hallmarks of a strong modern data protection strategy is a commitment to a clear policy that the organisation will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks,” he adds.

According to Veeam, the only way to prevent attackers from breaching the system is to have at least “one immutable or air-gapped tier within the data protection framework”.

See also: Scaling up Asia's infrastructure to drive up sustainability agenda

Following the cyber attacks, 95% of the organisations surveyed stated that they now have at least one immutable or air-gapped tier, with many reporting some level of immutability or air-gap media in more than one tier of their disk, cloud and tape strategy.

“Despite the pervasive and inevitable threat of ransomware, the narrative that businesses are helpless in the face of it is not an accurate one,” says Allan.

Instead, he suggests that organisations “educate employees and ensure they practice impeccable digital hygiene”.

He adds that organisations should “regularly conduct rigorous tests of [their] data protection solutions and protocols, and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios.”

Loading next article...
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
Subscribe to The Edge Singapore
Get credible investing ideas from our in-depth stock analysis, interviews with key executives, corporate movements coverage and their impact on the market.
© 2022 The Edge Publishing Pte Ltd. All rights reserved.
Unlock unlimited access to premium articles with less than $9 per month. Subscribe Now