Connect with us

Market Research

Veeam Research Finds Organizations are Increasing Modern Data Protection for Cloud Workloads to Reduce Cyber Security Risks

Published

on

Veeam Software has released the findings of the company’s Cloud Protection Trends Report 2023, covering four key “as a Service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS). The survey found that companies are recognizing the increasing need to protect their SaaS environments. For example, nearly 90% of Microsoft® 365 customers surveyed use supplemental measures rather than relying solely on built-in recovery capabilities. Preparing for a rapid recovery from cyber and ransomware attacks was the top cited reason for this backup, with regulatory compliance as the next most popular business driver.

Highlights of the report:

  • While new IT workloads are launching in the cloud at far faster rates than old workloads are being decommissioned in the data center, a surprising 88% brought workloads from the cloud back to their data center for one or more reasons, including development, cost/performance optimization, and disaster recovery.
  • With cybersecurity (including ransomware) continuing to be a critical concern, data protection strategies have evolved, and most organizations are delegating backup responsibilities to specialists, instead of requiring each workload (IaaS, SaaS, PaaS) owner to protect their own data. The majority of backups of cloud workloads are now being done by the backup team and no longer require the specialized expertise or added burden of cloud administrators.
  • Today, 98% of organizations utilize a cloud-hosted infrastructure as part of their data protection strategy. DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around Business Continuity and Disaster Recovery(BCDR) planning, implementation, and testing. Expertise is recognized as a primary differentiator by subscribers choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies.
  • Unfortunately, as is often the case for new cloud-hosted architectures, some PaaS administrators are incorrectly presuming that the native durability of cloud-hosted services relieves the need for backup: 34% of organizations do not yet back up their cloud-hosted file shares, and 15% do not back up their cloud-hosted databases.

“The growing adoption of cloud-powered tools and services, escalated by the massive shift to remote work and current hybrid work environments, put a spotlight on hybrid IT and data protection strategies across industries,” said Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam. “As cybersecurity threats continue to increase, organizations must look beyond traditional backup services and build a purposeful approach that best suits their business needs and cloud strategy. This survey shows that workloads continue to fluidly move from data centers to clouds and back again, as well as from one cloud to another — creating even more complexity in data protection strategy. The results of this survey show that while modern IT enterprises have made significant strides in cloud and data protection, there is still work to be done.”

The Veeam Cloud Protection Trends Report 2023 findings include:

Software as a Service (SaaS):

  • 90% of organizations realize they need to back up Microsoft 365. The report revealed only 1 in 9 (11%) organizations do not protect their Microsoft 365 data — a promising majority of 89% use third-party backups/BaaS or enhanced tiers of Microsoft 365 for legal hold, or both.
  • As data protection strategies have evolved and ransomware continues to be a top concern, most organizations are delegating backup responsibilities to backup specialists, instead of requiring each workload (IaaS, SaaS, PaaS) owner to protect their own data. This fuels the progression of backup becoming a conventional component tasked to the traditional backup admin versus the application team.

Infrastructure as a Service (IaaS): While organizations of all sizes now embrace hybrid-cloud architectures, it is not a one-way journey to the cloud that reduces the importance of the modern data center.

  • 30% of cloud-hosted workloads were from “cloud first” strategies, whereby new workloads are starting in clouds at far faster rates than old workloads are being decommissioned in the data center.
  • 98% of organizations utilize a cloud-hosted infrastructure as part of their data protection strategy, including cloud-storage tiers, cloud infrastructure as their disaster recovery site, or the use of BaaS/DRaaS providers.
  • 88% of organizations brought workloads from the cloud back to their data center for one or more reasons (development, cost/performance optimization, or disaster recovery)  — highlighting a need for 2023 data protection strategies to ensure consistent protection and the ability to migrate, as workloads move from the data center to cloud, cloud to the data center, or from one cloud to another cloud.
  • The majority of backups of cloud workloads are now being done by the backup team and no longer require the specialized expertise or added burden of cloud administrators. However, while nearly every organization acknowledged having long-term regulatory mandates, only half of organizations retain backups of their cloud data for even one year.

Platform as a Service (PaaS): While most organizations initially “lift and shift” servers from the data center to IaaS, most agree that running foundational IT scenarios, such as file shares or databases, as native cloud services is the future for mature IT workloads:

  • 76% run file services within cloud-hosted servers and 56% run managed file shares from AWS or Microsoft Azure
  • 78% run databases within cloud-hosted servers and 65% run managed databases from AWS or Microsoft Azure

Backup and Disaster Recovery as a Service (BaaS/DRaaS): Nearly every IaaS/SaaS environment also utilizes cloud services as part of its data protection strategy in some form. 

  • 58% of organizations utilize managed backup (BaaS) compared to the 42% that utilize cloud storage as part of their self-managed data protection solution. Of special interest, nearly half(48%) started with self-managed cloud storage but eventually switched to BaaS.
  • Nearly every organization (98%) claims to use cloud services as part of their data protection strategy, though that varies from cloud storage as a repository to full-fledged BaaS or DRaaS services.
  • BaaS is predominantly sought for gaining operational and economic efficiencies, as well as assuring data survivability from disasters and ransomware attacks. It is notable that BaaS is no longer seen as the “tape killer” that early pundits offered, with organizations stating that nearly 50% of their data is still stored on tape during its lifecycle, regardless of their use of cloud-based data protection services.
  • DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around BCDR planning, implementation, and testing. Expertise is perceived as a primary differentiator by subscribers choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies.

This year’s report showed a significant shift from last year as customers are increasingly interested in outsourcing their backups and gaining a “turnkey” or “white-glove” level of management service instead of the internal IT staff continuing to manage BaaS-delivered infrastructure. This shift indicates that experience and trust in providers are increasing and could also point to challenges over the past year with the IT talent supply chain.

The Veeam Cloud Protection Trends Report 2023, born from the annual Veeam Data Protection Trends Report, is the result of a third-party research firm that surveyed 1,700 unbiased IT leaders from 7 countries (US, UK, France, Germany, Japan, Australia, New Zealand) on their use of cloud services in both production and protection scenarios to deliver the largest single view into the trajectory of hybrid strategies across the modern IT enterprise in today’s cloud-first digital landscape. The broad-based market study was conducted to understand the various perspectives on responsibilities and methodologies related to operating and protecting cloud-hosted workloads, and considerations when using cloud-powered data protection.

Cyber Security

OneNote Documents Increasingly Used to Deliver Malware

Published

on

Proofpoint researchers recently identified an increase in threat actor use of OneNote documents to deliver malware via email to unsuspecting end-users in December 2022 and January 2023. OneNote is a digital notebook created by Microsoft and available via the Microsoft 365 product suite. Proofpoint has observed threat actors deliver malware via OneNote documents, which are .one extensions, via email attachments and URLs.

While there is an increase in the number of campaigns utilizing OneNote to deliver malware, its use is unusual. Based on Proofpoint’s observed characteristics of past threat campaigns, it is believed that threat actors have increasingly adopted OneNote as of result of their experimentation with different attachment types to bypass threat detection. Since Microsoft began blocking macros by default in 2022, threat actors have experimented with many new tactics, techniques, and procedures (TTPs), including the use of previously infrequently observed filetypes such as virtual hard disk (VHD), compiled HTML (CHM), and now OneNote (.one).

Observed email campaigns that use OneNote for malware delivery share similar characteristics. While the message subjects and senders vary, nearly all campaigns use unique messages to deliver malware, and do not typically utilize thread hijacking. Messages typically contain OneNote file attachments with themes such as invoice, remittance, shipping, and seasonal themes such as Christmas bonus, among other subjects. In mid-January 2023, Proofpoint researchers observed actors using URLs to deliver OneNote attachments that use the same TTPs for malware execution.

The OneNote documents contain embedded files, often hidden behind a graphic that looks like a button. When the user double-clicks the embedded file, they will be prompted with a warning. If the user clicks continue, the file will execute. The technique may be effective for now. At the time of analysis, multiple OneNote malware samples observed by Proofpoint were not detected by numerous anti-virus vendors on VirusTotal.

It is important to note, an attack is only successful if the recipient engages with the attachment, specifically by clicking on the embedded file and ignoring the warning message displayed by OneNote. Organizations should educate end users about this technique and encourage users to report suspicious emails and attachments.

Continue Reading

Market Research

UAE Organisations Lost Over AED 5.1M in Ransomware in 2022: Acronis

Published

on

Acronis has released its latest cyberthreats and trends report for the second half of 2022 which found that phishing and the use of MFA fatigue attacks, an extremely effective method used in high-profile breaches, are on the rise. Conducted by Acronis’ Cyber Protection Operation Center, the report provides an in-depth analysis of the cyberthreat landscape including ransomware threats, phishing, malicious websites, software vulnerabilities, and a security forecast for 2023.

Of note, the report found that threats from phishing and malicious emails have increased by 60% and the average data breach cost is expected to reach US$5 million by next year. The research team who authored the report also saw social engineering attacks jump in the last four months, accounting for 3% of all attacks. Leaked or stolen credentials, which allow attackers to easily execute cyberattacks and ransomware campaigns, were the cause of almost half of reported breaches in H1 2022.

“The last few months have proven to be as complex as ever – with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis VP of Cyber Protection Research. “Organizations must prioritize all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are evolving, using some of the tools, like MFA, that we rely on to protect our employees and businesses against us.”

Middle East and Africa Cybersecurity Landscape
As the Middle East region continues to grow its digital ecosystem, solid cybersecurity strategies remain a top priority on the back of heightened data breaches. According to security analysts, breaches reported in the Kingdom of Saudi Arabia, for example, could reach an average of US$7 million as the country continues to report one out of five attacks to be ransomware.

With the average cost of ransomware attacks increasing every year, factors such as weak credentials, phishing emails, and unpatched vulnerabilities remain the top cyber-attacking vectors. In the UAE, targeted organizations lost over US$1.4 million in ransomware, forcing over 40% of the impacted companies to shut down. Following this worrying trend, the UAE Cyber Security Council announced the adoption of stringent cybersecurity standards to safeguard the country’s digital space.

Ranked as the sixth-most dense region for cybercrime in the world, cybercrime victims in South Africa surged from 14.1 victims per one million internet users in 2019 to 50.8 victims in 2020. Most recently, the country enacted its cybersecurity act, which clearly defines cybercrimes in a bid to effectively regulate and prosecute them.

In Kenya and Nigeria, financial phishing attempts rose significantly in Q1 and Q2 of 2022 as banks, online payment systems, and e-commerce websites were targeted. In Kenya, over 100,000 financial phishing attacks were detected – a 201% increase compared to Q1 and Nigeria has reported over 61,000 financial phishing attacks, representing an increase of 79% compared to Q1.

Report Highlights: Threat Landscape Sees New Challenges
As security tactics and the technologies associated with them evolve, so do the threat actors trying to break into organizations and their ecosystems. The constant feed of ransomware, phishing, and unpatched vulnerabilities demonstrates how crucial it is for businesses to reevaluate their security strategies.

Ransomware Continues to Worsen:

  • Ransomware continues to be the number one threat to enterprises and businesses including government, healthcare, and organizations in other sectors.
  • Each month in the second half of this year, ransomware gangs were adding 200-300 new victims to their combined list.
  • The market of ransomware operators was dominated by 4-5 players. By the end of Q3 the total number of compromised targets published for the main operators in 2022 were as follows:
    • LockBit – 1157
    • Hive – 192
    • BlackCat – 177
    • Black Basta – 89
  • 576 publicly mentioned ransomware compromises in Q3, a slight increase from Q2.
  • The number of ransomware incidents decreased slightly in Q3, after a high during the summer months. From July to August, Acronis saw a 49% increase in blocked ransomware attacks globally, followed by a decrease of 12.9% in September and 4.1% in October.
  • There is a shift towards more data exfiltration as the main actors are continuing to professionalize their operations. Most of the large players have expanded to macOS and Linux and are also looking at the cloud environment.

Phishing and Malicious Emails Remain Successful for Threat Actors:

  • The most-attacked countries in terms of malware per user in Q3 of 2022 were South Korea, Jordan, and China.
  • An average of 7.7% of endpoints tried to access some malicious URLs in Q3 2022, slightly reduced from 8.3% in Q2.
  • The country with the most clients experiencing malware detections in October 2022 was the United States with 22.1%, followed by Germany with 8.8% and Brazil with 7.8% which are very similar to the Q2 numbers, except for US and Germany which had a small increase, especially in financial trojans.
  • Spam rates have increased by over 15% — reaching 30.6% of all inbound traffic.
  • Email-borne attacks are targeting virtually all industries. By analyzing the top 50 most attacked organizations, it seems that the most attacked industries are:
    • Construction
    • Retail
    • Real estate
    • Professional Services (Services and computers & IT)
    • Finance
  • Between July and October 2022, the proportion of phishing attacks has risen by 1.3x reaching 76% of all email attacks (up from 58% in H1 ‘2022). This rise is at the expense of the proportion of malware attacks.

Unpatched Vulnerabilities Prove Fruitful into the Second Half of the Year:

  • Acronis continues to see and warn businesses and home users that new zero-day vulnerabilities and old unpatched ones are the top vectors of attack to compromise systems.
  • While software vendors try to keep up and release patches regularly, quite often it is still not enough — a lot of attacks succeed due to unpatched vulnerabilities.
  • Microsoft:
    • Another phishing campaign targeting Microsoft did impersonate “the Microsoft team” and tried to bait the recipients into adding their memo text onto an online memorial board “in memory of Her Majesty Queen Elizabeth II” when she passed away in September.

Another large-scale phishing campaign was spotted targeting credentials for Microsoft’s M365 email services. It is aimed at fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia.

Continue Reading

Cyber Security

79% of MEA Organizations have a “Protection Gap”: Veeam Research

Published

on

Veeam Software has released findings of the company’s fourth annual Data Protection Trends Report to better understand how data protection is evolving in a digital world.

Notable insights from the report include:

  • Reliability and consistency (of protecting IaaS and SaaS alongside data center servers) are the key drivers for improving data protection in 2023. For organizations that are struggling to protect cloud-hosted data with legacy backup solutions, it is likely they will supplement their data center backup solution with IaaS/PaaS and/or SaaS capabilities.
  • Ransomware is both the most common and most impactful cause of outages, alongside natural disasters (fire, flood, etc.) and user errors (overwrites, deletion, etc.). Organizations should implement backup and recovery solutions that support a holistic approach to data protection, and that can integrate with other cyber detection and remediation technologies to ensure comprehensive cyber resilience.
  • Cloud-based services seem nearly inevitable for organizations of all sizes. But similar to how there isn’t just one type of production cloud, there isn’t just one protection cloud scenario. Organizations should consider cloud tiers for retention, Backup as a Service (BaaS), and ultimately, Disaster Recovery as a Service (DRaaS).

“IT leaders are facing a dual challenge. They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks are increasing,” said Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam. “This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption. Legacy backup approaches won’t address modern workloads – from IaaS and SaaS to containers – and result in an unreliable and slow recovery for the business when it’s needed most. This is what’s focusing the minds of IT leaders as they consider their cyber resiliency plan. They need Modern Data Protection.”

The report shows that data protection budgets are increasing. Globally, organizations expect to increase their data protection budget in 2023 by 6.5%, which is notably higher than overall spending plans in other areas of IT. Of the 85% of organizations planning on increasing their data protection budgets, their average planned increase is 8.3% and often in concert with increased investments in cybersecurity tools.

The Middle East and Africa market throw up some interesting findings:

Protection and Availability Gap in the MEA region

  • 78% have an “Availability Gap” between how quickly they need systems to be recoverable and how quickly IT can bring them back
  • 79% have a “Protection Gap” between how much data they can lose and how frequently IT protects their data

Ransomware in the MEA region

Ransomware attacks continue to be more frequent

  • Only 14% experienced no ransomware attacks in 2022
  • 18% experienced only one attack
  • 48% experienced two or three attacks
  • And 21% experienced four or more attacks in 2022
  • 45% of organizations stated that ransomware (including both prevention and remediation) was their biggest hindrance to Digital Transformation or IT modernization initiatives, due to its burden on budgets and manpower
  • When organizations were asked about their most significant attacks suffered in 2022:
    • 39% of their entire production data set was successfully encrypted or destroyed
    • Only 55% of the encrypted/destroyed data was recoverable

“Ransomware is indiscriminatory – every business is a target. Rather than be gripped with fear at the prospect of being attacked, organizations must focus on what they can control – their defence. The fundamental principles of how to prepare defences against even the most sophisticated and powerful ransomware stay relatively the same. The first is the practice of impeccable digital hygiene. All employees must be trained to identify suspicious content and be warned of the impact that malpractice using work devices can lead to. Secondly, all businesses must prepare for their defences to fail. Concepts such as zero trust and deploying techniques such as two-factor authentication can be useful for restricting the access an attacker has to data. The best way to protect data is to ensure that it has been securely backed up and is fully recoverable before an incident takes place with the 3-2-1-1-0 backup rule – there should always be at least three copies of data, on at least two different types of media, at least one off-site and one immutable or offline, with zero unverified backups or errors,” concludes Rizk.

Business Continuity and Disaster Recovery (BC/DR) initiatives in the MEA region

  • Every facet of IT continues to be a candidate for cloudification, with data protection being a common scenario.
    • 84% of Middle East & Africa organizations anticipate using Backup as a Service (BaaS) or Disaster Recovery as a Service (DRaaS) to protect at least some of their servers over the next two years.
  • That said, cloud-based storage is not misunderstood as the “tape killer” that early pundits tried to sell it as. When discussing the media used within their backup systems, the Middle East & Africa organizations reported that in addition to disk-based protection:
    • 64% of production data is stored in a cloud at some point in its lifecycle
    • 52% of production data is stored on a tape at some point in its lifecycle
  • 86% organizations consider their cyber and (traditional) BC/DR initiatives to be either mostly or completely integrated. To achieve that among organizations in the Middle East & Africa:
    • 41% want to orchestrate recovery workflows, instead of relying on manual processes
    • 25% will leverage on-premises infrastructures for their BC/DR
    • 41% will leverage cloud infrastructures for their BC/DR, using IaaS or DRaaS

“It is no surprise that BaaS and DRaaS are becoming so popular among regional organizations. They provide viable alternatives to managing everything. It can be more cost effective to outsource backup and disaster recovery needs instead of hiring and training in-house resources. A BaaS provider can ensure backups are not only successful but regularly tested and restorable. A DRaaS provider can support with as little as an off-site replication or fully manage your complete disaster recovery plan from testing and execution to failing over and failing back, should an unplanned event occur,” comments Rizk.

“Veeam understands these changing market dynamics and data protection needs of enterprises today. From critical workloads running on-premises to the sprawl of data in the cloud and at home offices, Veeam-powered BaaS and DRaaS service provider partners offer the off‑site backup, monitoring and management, and disaster recovery services organizations need to stay resilient in the face of any threat.”

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.