Connect with us

Market Research

Veeam’s Data Protection Trends Report 2022 Says 67% of Businesses Are Turning to Cloud-Based Solutions to Protect Data

Published

2 years ago

on

The disconnect between business expectations and IT’s ability to deliver has never been more impactful, according to the Veeam – Data Protection Trends Report 2022, which found that 89% of organizations are not protecting data sufficiently. Veeam Software found that 88% of IT leaders expect data protection budgets to rise at a higher rate than broader IT spending as data becomes more critical to business success and the challenges of protecting it grow in complexity. More than two-thirds are turning to cloud-based services to protect essential data.

The Veeam Data Protection Trends Report 2022 surveyed more than 3,000 IT decision-makers and global enterprises to understand their data protection strategies for the next 12 months and beyond. The largest of its kind, this study examines how organizations are preparing for the IT challenges they face, including a huge growth in the use of cloud services and cloud-native infrastructure, as well as the expanding cyber-attack landscape and the steps they are taking to implement a Modern Data Protection strategy that ensures business continuity.

“Data growth over the past two years [since the pandemic] has more than doubled, in no small part to how we have embraced remote working and cloud-based services and so forth,” said Anand Eswaran, Chief Executive Officer at Veeam. “As data volumes have exploded, so too have the risks associated with data protection; ransomware being a prime example. This research shows that organizations recognize these challenges and are investing heavily, often due to having fallen short in delivering the protection users need. Businesses are losing ground as modernization of ‘production’ platforms is outpacing their modernization of ‘protection’ methods and strategies. Data volumes and platform diversity will continue to rise, and the cyber-threat landscape will expand. So, CXOs must invest in a strategy that plugs the gaps they already have and keeps pace with rising data protection demands.”

Regional Perspective
According to the study, 80% of UAE organizations and 82% of Saudi organizations have a protection gap between how much data they can afford to lose after an outage and how frequently data is backed up. In addition, 80% of UAE organizations and 76% of Saudi organizations have an availability gap between their expected SLAs and how quickly they can return to productivity. Moreover, 98% of UAE organizations and 97% of Saudi organizations experienced unexpected outages within the last 12 months. On average, 17% of UAE organizations’ and 18% of Saudi organizations’ data is left completely unprotected.

“The UAE and Saudi (the two biggest IT markets in the Middle East) findings of the Veeam Data Protection Trends Report 2022 largely mimics the global results, which find that the gap between business expectations and IT delivery, when it comes to data protection, continues to widen and has never been worse. As the proportion of applications that organizations consider mission-critical increases, so too does the volume and variety of cybersecurity threats. Entire industries face a data protection emergency and businesses across the world are looking for ways to accelerate their strategies to protect data, remediate cyber-attacks and recover from systems outages,” said Claude Schuck, Regional Director, the Middle East at Veeam Software.

When it comes to ransomware, 86% of UAE organizations and 84% of Saudi organizations suffered ransomware attacks, making cyber-attacks one of the single biggest causes of downtime for the second consecutive year. Per attack, organizations in UAE were unable to recover 34% of their lost data on average, while Saudi organizations were unable to recover 37% of their lost data on average. Furthermore, 81% of UAE organizations and 81% of Saudi organizations were unable to recover at least some of the data they had lost.

“To be fully transformative, Middle East enterprises need to be anchored with key technologies provided by virtualization, hybrid cloud, and Kubernetes. Companies who succeed in accelerating their adoption of a Modern Data Protection strategy will put in place solid foundations to gain a competitive advantage from digitization. It will enable them to experience the lower cost points and flexibility of the public cloud, leverage the security and proximity of the private cloud, and fast-track their development cycles by deploying Kubernetes, with the assurance that their data is protected across their entire infrastructure,” Schuck added.

Speaking about the impact of ransomware attacks on regional businesses, Schuck asserted that for Middle Eastern businesses to win the ransomware battle, they must possess the capability for education, implementation, and remediation. According to him, the best remedy for a security breach is prevention. “This can be improved through education of employees, ensuring that cyber-attackers are not being gifted access to the data and systems they need to initiate a ransomware attack. The next strategy is the implementation of offsite and offline backups to mitigate the effects of ransomware. Veeam advocates the 3-2-1-1-0 rule,” Schuck added. “There should always be at least three copies of important data, on at least two different types of media, with at least one off-site, one offline, with zero unverified backups or backups completing with errors. Finally, businesses need a plan for remediation. Do not pay the ransom. The only option is to restore data. Implementing a full Backup and Disaster Recovery plan gives organizations the ability to recover data in event of a ransomware attack, minimizing the risk of financial and reputational damage.”

When it comes to the need for modern data protection in the Middle East, 88% of UAE organizations and 86% of Saudi organizations plan to increase their data protection budgets during 2022 – spending an average of around 7% more than in 2021. “It is clear from the survey that businesses in the Middle East are investing more and taking steps to ensure that their organizations’ data protection strategy is fit for purpose given the continual increase in data criticality and constantly evolving threat landscape. To provide a strong foundation for Digital Transformation, IT leaders must implement robust Modern Data Protection strategies at the lowest possible cost. The “new normal” for modern IT is approximately 50/50 between on-premises servers and cloud-hosted servers,” added Schuck.

In addition, 52% of UAE organizations’ data infrastructure is currently located in the data center, with 48% now hosted in the cloud. 49% of Saudi organizations’ data infrastructure is currently located in the data center, with 51% now hosted in the cloud. Furthermore, 69% of UAE organizations and 76% of Saudi Arabian organizations are already running containers in production, while 29% and 22% respectively plan to do so in the next 12 months.

As such, an optimal and future-proof data protection strategy needs to accommodate physical, virtual, and multiple cloud-hosted or cloud-native options. It should give businesses confidence that their data is protected and always available across all production platforms. Through a single backup and data management platform for cloud, virtual, physical, SaaS and Kubernetes, Modern Data Protection enables organizations to modernize backup and recovery, secure data against ransomware, and improve application performance.  All of which lead to improved business efficiency and cost-effectiveness,” concluded Schuck.

The data protection gap is widening
Respondents stated that their data protection capabilities cannot keep pace with the demands of the business, with 89% reporting a gap between how much data they can afford to lose after an outage versus how frequently data is backed up. This has risen by 13% in the past 12 months, indicating that while data continues to grow in volume and importance, so do the challenges in protecting it to a satisfactory level. The key driver behind this is that the data protection challenges facing businesses are immense and increasingly diverse.

For the second year in a row, cyberattacks have been the single biggest cause of downtime, with 76% of organizations reporting at least one ransomware event in the past 12 months. Not only is the frequency of these events alarming, so is their potency. Per attack, organizations were unable to recover 36% of their lost data, proving that data protection strategies are currently failing to help businesses prevent, remediate and recover from ransomware attacks.

“As cyberattacks become increasingly sophisticated and even more difficult to prevent, backup and recovery solutions are essential foundations of any organization’s Modern Data Protection strategy,” said Danny Allan, CTO at Veeam. “For peace of mind, organizations need 100% certainty that backups are being completed within the allocated window and restorations deliver within required SLAs. The best way to ensure data is protected and recoverable in the event of a ransomware attack is to partner with a third-party specialist and invest in an automated and orchestrated solution that protects the myriad data center and cloud-based production platforms that organizations of all sizes rely on today.”

Businesses face a data protection emergency
To close the gap between data protection capabilities and this growing threat landscape, organizations will spend around 6% more annually on data protection than broader IT investments. While this will only go some way to reversing the trend of data protection needs outpacing the ability to execute, it is positive to see CXOs acknowledge the urgent need for Modern Data Protection.

As the cloud continues its trajectory to becoming the dominant data platform, 67% of organizations already use cloud services as part of their data protection strategy, while 56% now run containers in production or plan to in the next 12 months. Platform diversity will expand during 2022, with the balance between data center (52%) and cloud servers (48%) continuing to close. This is one reason 21% of organizations rated the ability to protect cloud-hosted workloads as the most important buying factor for enterprise data protection in 2022 and 39% believe IaaS/SaaS capabilities to be the definitive attribute of Modern Data Protection.

“The power of hybrid IT architectures is driving both production and protection strategies through cloud-storage and Disaster Recovery utilizing cloud-hosted infrastructure,” concluded Allan. “The benefits of investing in Modern Data Protection go beyond providing peace of mind, ensuring business continuity and maintaining customer confidence. To balance expenditure against strategic digital initiatives, IT leaders must implement robust solutions at the lowest possible cost.”

Other key findings from the Veeam Data Protection Trends Report 2022 include:

  • Businesses have an availability gap: 90% of respondents confirmed they have an availability gap between their expected SLAs and how quickly they can return to productivity. This has risen by 10% since 2021.
  • Data remains unprotected: Despite backup being a fundamental part of any data protection strategy, 18% of global organizations’ data is not backed up — therefore, completely unprotected.
  • Human error is far too common: Technical failures are the most frequent cause of downtime with an average of 53% of respondents experiencing outages across infrastructure/networking, server hardware and software. 46% of respondents experienced cases of administrator configuration error, while 49% were hindered by accidental deletion, overwriting of data or corruption caused by users.
  • Protecting remote workers: Only 25% of organizations utilize orchestrated workflows to reconnect resources during a disaster, while 45% run predefined scripts to reconnect resources running remotely in the event of downtime and 29% manually reconfigure user connectivity.
  • Economic drivers remain critical: When asked about the most important factors when purchasing an enterprise data solution, 25% of IT leaders are motivated by improving the economics of their solution.
Related Topics:
Continue Reading

Cyber Security

Kaspersky Reports Growth in Gamer Cyberattacks in 2023

Published

1 month ago

on

November 7, 2023

By

The global gaming community, which currently accounts for nearly half of the world’s population, has found itself increasingly under fire by cybercriminals, according to a comprehensive investigation by Kaspersky. In the period spanning from July 2022 to July 2023, the cybersecurity company discovered the growing vulnerability of the gaming user base. Cybercriminals exploited this vast community to access personal data, launching a range of attacks, including web vulnerabilities, Distributed Denial of Service (DDoS) attacks, cryptocurrency mining, and complex Trojan or phishing campaigns.

In the period from July 1, 2022, to July 1, 2023, Kaspersky’s solutions detected a substantial 4,076,530 attempts to download 30,684 unique files masked as popular games, mods, cheats, and other game-related software. These incidents affected 192,456 users worldwide. These files – primarily classified as unwanted software and often labelled as not-a-virus:Downloader (89.7%), – are not innately perilous, but they are capable of downloading various other programs, even malicious ones, onto the user’s device. Adware (5.3%) and Trojans (2.4%) were also noteworthy threats to desktop gamers.

Minecraft emerged as the favoured target among cybercriminals, responsible for triggering 70.3% of all alerts. The threats using Minecraft as bait impacted 130,619 players across the globe during the reporting period. Roblox was the second most targeted game title, contributing to 20.4% of all alerts affecting 30,367 users. Counter-Strike: Global Offensive (4.8%), PUBG (2.9%), Hogwarts Legacy (0.6%), DOTA 2 (0.5%), and League of Legends (0.3%) were also among the prominent games subjected to cyber threats.

The mobile gaming community, which, according to the Newzoo 2023 report consists of over three billion gamers or nearly 40% of the world’s population, is characterized by its significant growth and accessibility and has become an enticing target for cybercriminals. Between July 1, 2022, and July 1, 2023, Kaspersky documented 436,786 attempts to infect mobile devices, impacting 84,539 users.

Various game titles were employed as bait to target mobile gamers. Minecraft enthusiasts once again were the primary targets, as 90.4% of attacks focused on the 80,128 gamers who fell victim. Indonesian users in particular faced exploitation through Minecraft, resulting in a Trojan.AndroidOS.Pootel.a attack, discreetly registering mobile subscriptions. Iran witnessed the highest prevalence of these attacks, with 140,482 alerts impacting 54,467 Minecraft players.

PUBG: Battlegrounds Battle Royale, was the second most exploited mobile game among cybercriminals, accounting for 5.09% of all alerts, with the majority of incidents originating from Russian Federation users. Roblox (3.33%) ranked third in terms of detections but second in the number of affected users.

A noteworthy discovery involves the emergence of SpyNote, a spy Trojan distributed among Roblox users on the Android mobile platform under the guise of a mod. This Trojan exhibits various spying capabilities, including keylogging, screen recording, video streaming from phone cameras, and the ability to impersonate Google and Facebook applications to deceive users into divulging their passwords.

Phishing and counterfeit distribution pages continue to pose a significant threat to gamers. Malicious and undesired software often masquerades as popular games, disseminated through third-party websites offering pirated versions. These deceptive pages typically display inflated download counts, potentially misleading users into a false sense of security. Nonetheless, clicking the download button typically results in an archive that may contain harmful or unrelated elements, diverging from the promised content.

“In the dynamic gaming industry, which hosts a wealth of personal and financial data, cybercriminals are seizing enticing opportunities. They exploit gaming accounts by pilfering in-game assets, and virtual currency, and selling compromised gaming accounts, often with real-world value. The relentless pursuit of personal data has led to a surge in ransomware attacks, even affecting professional gamers who depend on uninterrupted play. This underscores the critical need for enhanced cybersecurity awareness within the gaming community,” comments Vasily Kolesnikov, a cybersecurity expert at Kaspersky.

To stay safe while gaming, here are some recommendations:

  • It is safer to download your games from official stores like Steam, Apple App Store, Google Play or Amazon Appstore only. Games from these markets are not 100 % secure, but at least they are checked by store representatives and there is some kind of screening process: not every app can be made available in these stores.
  • If you wish to buy a game that is not available through the main stores, purchase it from the official website only. Double-check the URL of the website and make sure it is authentic.
  • Beware of phishing campaigns and unfamiliar gamers. Do not open links received by email or in a game chat unless you trust the sender. Do not open files you get from strangers.
  • Do not download pirated software or any other illegal content, even if you are redirected to it from a legitimate website.
  • A strong, reliable security solution will be a great help to you, especially if it will not slow down your computer while you are playing, but at the same time, it will protect you from all possible cyber threats.
  • Use a robust security solution to protect yourself from malicious software and its activity on mobile devices.
Continue Reading

Cyber Security

The Average Time to Investigate a Cybersecurity Incident is Around 26.1 Days, says Binalyze

Published

3 months ago

on

September 21, 2023

By

With the intricacies of the digital world growing exponentially, the relevance of effective and timely Digital Forensics and Incident Response (DFIR) cannot be overstated. Recognising this need for insight, Binalyze, in collaboration with the global market intelligence firm IDC, is excited to publish a compelling new report: “The State of Digital Forensics and Incident Response 2023”.

Based on an extensive survey conducted in June 2023, the study brings into focus the perspectives of over 100 cybersecurity professionals from five Middle Eastern countries. This diverse respondent pool consists of individuals directly influencing the cybersecurity functions within their organizations, with roles spanning SOC analysts, DFIR professionals, Incident responders, Threat hunters, SOC managers, and Directors.

The key findings of the report are critical for anyone involved in DFIR, from SOC teams to individual analysts and investigators. Report highlights include:

  • According to the research and subsequent analysis, the average time to investigate an incident is approximately 26.1 days, and the time to resolve incidents is an additional 17.1 days.
  • The importance of reducing “detection-to-resolution” times for efficient incident management.
  • The ongoing skills shortage: 81% of respondents identified this as a major challenge.

“Our world thrives on digital connections, but with this connectivity comes vulnerabilities. As the frequency and intensity of cyber threats surge, the importance of DFIR in understanding, mitigating, and learning from these threats is paramount. There is a real and urgent need for forensic visibility at speed and scale. AIR is a game changer here and should be at the centre of all SOCs DFIR effort,” says Ahmet Öztoprak, Senior Sales Director of META at Binalyze.

This report serves as both a wake-up call and a guide. By leveraging the insights from the top cybersecurity professionals in the Middle East, ‘The State of Digital Forensics and Incident Response 2023’ aims to provide companies with the knowledge and solutions they need to combat emerging cyber threats effectively and maintain resiliency.

Continue Reading

Cyber Security

Cybercriminals Used Malware in 7 Out of 10 Attacks on Individuals in the Middle East

Published

3 months ago

on

September 19, 2023

By

Positive Technologies analyzed attacks on individuals in Middle Eastern countries between 2022 and 2023. Malware was used in 70% of successful attacks. More than half of these attacks involved spyware. The vast majority of attacks used social engineering techniques. In 20% of phishing campaigns, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously.

“According to our data, cybercriminals employed malware in 7 out of 10 successful attacks on individuals in the Middle East region. More often than not, the attackers infected users’ devices with spyware (three out of five malware attacks). This type of malware collects information from the infected device and then passes it on to the attacker. Depending on the task, spyware can steal personal and financial data, user credentials, as well as files from the device’s memory,” the company said.

Positive Technologies Information Security Research Analyst Roman Reznikov said, “By using spyware, attackers can compromise not only personal and payment information and personal accounts, but also corporate credentials, network connection information, and other sensitive data. The stolen data is then offered for sale on the dark web forums. As a result, a skilled attacker can gain access to an organization and carry out a successful attack, leading to non-tolerable consequences: disruption of technological and business processes, theft of funds, leakage of confidential information, attacks on customers and partners.”

In the vast majority (96%) of successful attacks on individuals in Middle Eastern countries, social engineering techniques were employed. Most often, these were mass attacks in which the criminals aimed to reach the maximum number of victims. To achieve this, they actively leveraged current news about significant global and regional events, including the 2022 FIFA World Cup Qatar.

In every fifth (20%) phishing campaign, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously. Criminals led the victims through a series of steps until the device was infected and data stolen. For instance, users could be lured through social media accounts that contained links to a messenger channel from which the victim would install a malicious application.

One of the reasons for the success of social engineering is the numerous data leaks from various organizations. “According to our research on the cybersecurity threatscape in the Middle East, 63% of successful attacks on individuals in the region resulted in leaks of confidential information. The majority of stolen information consisted of personal data (30%) and account credentials (30%). Cybercriminals were also interested in payment card data (10%) and user correspondence (8%).” the company added.

On the dark web, malicious actors sell information about users and also provide stolen data archives for free. Criminals use the compromised information in subsequent attacks on users. For example, a successful attack on a bank could result in fraudulent actions against its customers. Cybersecurity experts recommend that users follow cyber-hygiene rules.

Companies also need to ensure the security of employee and customer data. Data breaches cause reputational and financial damage and put at risk users whose information has been compromised. To maintain cyber-resilience, it’s essential to regularly assess the effectiveness of security measures and pay special attention to the verification of non-tolerable events.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.