The cloud is big and welcoming, but it’s not enough as cyberattackers go after backups.
The rules for backing up critical data and systems are changing, as cybercriminals look for new paths to exploit.
The original idea around backups was to deposit all data in a second location. In case of attack, that backup would be used to restore operations. With the advent of cloud services, backups became easier than ever.
But ransomware attacks are growing increasingly sophisticated. Attackers now go searching for the backups as well as primary systems.
A recent study by British IT security company Sophos found that cybercriminals attempted to go after backups in 94% of attacks in the past year.
And those attacks were costly: Companies where backups were compromised were nearly twice as likely to have paid ransom to recover data than those with no backup damage (67% versus 36%), the study found.
The ransomware demand was twice as much when backups were breached: an average of $2.3 million versus $1 million, according to Sophos.
Companies need another layer of security, says Tim Wilkinson, global head of cybersecurity operations at Rolls-Royce. Specifically, they need an offline vault that attackers can’t get to.