David Bennett, CEO at Object First, explains how, amidst a rapidly evolving cybersecurity landscape, a new and disruptive backup strategy is needed – immutable storage.
Following World Backup Day this year, IT admins will have been reflecting on the importance of protecting their businesses’ data and being prepared for any data recovery scenario. High-profile incidents, such as customer passwords being accessed at Dropbox or the fact that inadequate strategies have led to nearly half of UK SMEs losing access to data since 2019, have magnified this issue even further.
But for too long, backing up your data has been seen as an unglamorous, basic data management tactic and, at worst, a budgeted recommendation given after an incident has already taken place. It’s long been time for businesses to flip the script on this narrative and turn a new page in their approach.
Software and administration alone are not enough in an age of unprecedented cyber security threats. Corporate ransomware attacks reached an all-time high in 2024, with 93% of attacks targeting backups. With a never-ending amount of data to protect, IT organisations must re-evaluate how backup software and storage can be properly and proactively deployed to ensure an always-evolving cyber resiliency standard.
Admins are investing in secure, simple, and powerful immutable backup storage to enhance their data protection posture. Moreover, on-prem immutable solutions are now being touted as the first line of defence, offering immediate local protection against ransomware and affordable rapid recovery.
But what do IT teams and admins need to disrupt the current narrative and ensure true resilience against attacks?
Combining simplicity and security is critical
Ensuring robust and resilient cyber security is key. However, solutions that promise to ‘reinvent the wheel’ can often be complex, difficult to manage, and time-consuming to set up.
Instead, immutable backup storage solutions offer immediate protection against ransomware. Immutability guarantees data can’t be altered, deleted, or overwritten for a set period once it’s written. Most immutable solutions use an ‘object lock’ mechanism that can prevent unintentional or deliberate modifications.
Additionally, this approach ensures simplicity for the end-user too. There’s often no additional security expertise to manage, and when a zero-access policy is in place, even the most privileged admin cannot disable immutability or factory reset the device, significantly reducing the risk of insider threats. Immutability combines the best of both worlds – a security strategy that is effective and straightforward to deploy.
Understanding the business impact of ransomware
Thanks to advancements in technology, hackers are becoming much more sophisticated and have been able to extort vast amounts of money from individuals and businesses. In 2023 alone, ransomware payments hit a record high of $1.1 billion – a number that’s expected to rise this year. It’s clear that cybersecurity is no longer just an issue for IT managers and their teams, it’s an issue that everyone in any organisation needs to take seriously.
Cybersecurity breaches can have an enormous financial impact. Not only can data be held by threat actors for ransom, but any downtime experienced can stop activity in its tracks, leading quickly to lost economic revenue. However, the reputational hit that follows a cyberattack can be just as ruinous. In fact, in the UK, the average total cost of a data breach was $3.72 million, with $1.57 million of this figure attributed to reputational costs such as lower customer confidence or a decrease in share price. When Facebook was the victim of a data breach in 2018, its stock dropped 7%, leading to billions of dollars being shaved off its market value.
Unfortunately, many leaders only realise the severity of cybercrime once the worst has happened. In 2024, we are already seeing data recovery and resiliency decisions elevated well beyond IT administrators and into the boardroom. Senior executives are realising that data breaches are becoming more common, advanced, and detrimental.
The role of remote work and employee wellbeing
Remote working has been revolutionary for companies in almost every industry. They are now able to employ a global workforce and collaborate in real-time without needing to be in the same office, and employee well-being has thrived for many with increased work-life balance.
However, it has also paved the way for cybercriminals to exploit vulnerabilities within company software. As more employees work from home and use their own WiFi systems or shadow IT practices like saving company data on personal computers, cybercriminals have easier access to sensitive information that isn’t protected. In the UK, 59% of businesses agree that they are now more vulnerable to attacks due to employees working remotely.
That’s why immutable backup storage is key in today’s hybrid working world. IT administrators can deploy it across all company devices and software and ‘lock’ data in place, meaning it can’t be moved or altered. This not only reduces the risk of shadow IT and employees accessing it on their personal devices, but it also means only a very limited number of people can modify the data, keeping out malicious actors both inside and outside the organisation.
Preparing for changes to the cyber insurance market
As cyberattacks continue to grow in frequency and severity, the insurance market will likely require improved cyber resilience.
The features of immutability, compared to traditional solutions, are much more resistant to hackers’ tactics. Apart from its read-only ability, immutable backup storage also cannot be encrypted by ransomware. In the unfortunate event that hackers gain access to company systems, data that cannot be encrypted means threats are much less effective, and the data isn’t as valuable to cybercriminals. Data cannot be deleted when using an immutable storage solution, so it’s always available when needed.
Following several high-profile IT outages in recent months in the UK, from supermarkets to airports and passport control, the consequences of these types of outages can be severe. However, with immutability, business continuity is always guaranteed as there is no downtime or rebooting of systems required to access data. This also means businesses won’t suffer huge financial losses by disrupting activity or needing to take solutions offline.
Lastly, immutable backup storage will also help insurance claims as it uses cryptographic hashes to verify whether data has been tampered with or not. Insurance firms can, therefore, double-, triple-, or even quadruple-check whether data has been compromised or not. The cyber security landscape has been rapidly evolving for years.
As tactics become more sophisticated and ransom payments increase, leaders must challenge the traditional narrative and invest in immutable backup storage. Leaders cannot wait for disaster to hit to take action — they need to be proactive and put defences up now if they want to write a new chapter in their business success story.