Category: Cybersecurity

Cybersecurity blog topics including Managed Firewall, Security as a Service (SECaaS), and Managed Anti-Virus and Anti-Spam. Protects against malware such as ransomware, insider threats, and data loss.

This Holiday Season Don’t Let The Backup Grinch Steal Your Time

December 1, 2022

As we approach the holiday season, no one wants to be recovering data when they should be spending precious time with family and friends. Unfortunately, IT departments are too often required to respond to emergencies during the holidays because of the 24/7 nature of modern business. Customers and prospects continue to interact with businesses online, even when the brick and mortar doors are closed.

This powerful, always on business strategy requires an equally powerful backup plan. Thankfully, while businesses and their IT departments no longer operate on a nine-to-five basis, neither does the support to help them through the holidays. Client interaction and client support happen more instantaneously than ever before, with 24/7 accessibility.

Is your business prepared for disaster this holiday season?

What Is Your Data Loss Plan?

Data loss can occur in several ways. A device can be lost or stolen. Hardware can fail or become corrupted. A simple click can introduce ransomware into networks and cause widespread, crippling infection. Malicious hackers love the winter holiday season – they know that in-house IT hours are reduced, and businesses have their guard down.

In seconds, tons of valuable data can be locked down or obliterated. All that is left is a business clambering to repair their relationships with clients and vendors, while spending large amounts of money and time trying to get things back up and running. A small error can create a calamity that requires all hands on deck, and that some businesses can never fully recover from.

You must ask yourself: if your company were caught in a similar scenario during the holidays, do you have a disaster recovery plan in place to quickly respond and get back to business? Would you be able to recover, or would your operations grind to a halt?

Disaster Recovery to the Rescue

It is possible to keep things running smoothly even when trouble arises. The DRaaS advantage lies in its ability to provide complete and rapid cloud recovery services. These services range from site and transactional restoration, to full data center recovery and failovers.

Because DRaaS is cloud-based, you won’t need to make a heavy upfront investment in a data center, servers, or software licenses to get your own remote backup and DRaaS solution. DRaaS additionally benefits enterprises by replacing huge capital expenditures with more manageable operational expenditures, making DR accessible to and affordable for any size organization.

For more information and insights, read our Disaster Recovery Guide now to learn what you need to be prepared.

Storagepipe Will Save Your Holiday Season!

Whether it’s a data breach, a power outage, a hard drive failure, or a storm or other disaster – restoring your service in the case of a disaster should be a paramount concern for any organization and requires a thorough Disaster Recovery Plan.

Data backup and security is important all-year round. If you’re lucky enough to be a Storagepipe client already, you can rest assured that your data is safe with our secure Backup and Disaster Recovery Services.

If you haven’t signed up yet, take advantage of our Christmas 2022 special and get up to 70% off on select services. Contact us for an expert assessment and pricing today, and rest easy during the holidays!

Stay Safe in the Cloud with Storagepipe

Questions? Ask Our Experts!

Data Protection, Backup & Recovery Trends Report 2022: Wrap Up the Year with Storagepipe

November 30, 2022

Hello friends,

We’re wrapping up the year with our annual Data Protection, Backup and Recovery Trends Report, where we share the most urgent, prevalent, and emerging challenges that we helped our customers solve with managed Cybersecurity , Backup as a Service and Disaster Recovery Services.

As we look back on 2022, we appreciate all the customers, partners, and supporters that joined us through a challenging winter, a fast-paced summer, and an autumn jam-packed with new opportunities.

Understanding this past year’s trends helps you to establish a benchmark as you consider your organization’s Data Protection opportunities and challenges and begin to plan for 2023.

Microsoft 365 Migration Shifted to M365 Data Protection

After a rapid adoption phase in 2020 – 2021 spurred by expected growth in digital transformation initiatives and the unexpected Covid-19 pandemic necessitating a massive shift to remote and hybrid work models, IT departments began reassessing their data protection needs in 2022.

In the rush to adopt, migrate, and deploy, data protection considerations can be overlooked. While many appreciate the collaboration made possible with Microsoft 365, some are unaware that the protection of data generated by these applications is their business’s responsibility. Microsoft does not perform backups on a company’s behalf, and they do not provide recovery services.

Microsoft’s Shared Responsibility Model states that they are responsible for ensuring that the platform remains accessible and available, while the customer is responsible for ensuring that their data is backed up and recoverable in the event of a disaster. If an adverse incident such as a security breach or ransomware attack strikes, Microsoft will not recover your data for you.

The risk of falling victim to ransomware is ever-present, with phishing emails and their mishandling by end users continuing as the #1 vulnerability vector. Malicious actors took advantage of the trust people have in Microsoft’s brand by embedding well-known file types such as Excel and Word with malicious links and code and adding them as email attachments from addresses that include ‘outlook’ in their domain. These tactics almost doubled in popularity between Q1 and Q2 2022.

Throughout 2022, Storagepipe has spread awareness of these dangers to your data and worked with businesses of all sizes to put effective managed anti-spam, backup, and disaster recovery plans in place.

Learn how organizations can achieve complete Microsoft 365 Data Protection in our helpful guide here.

All Businesses At Risk For Ransomware

In 2020, bad actors attacked big, enterprise targets – companies that had the deep pockets to pay out. As those businesses strengthened their cybersecurity posture and disaster recovery plans in response, they became more challenging to victimize. This spurred a shift in tactics from the private to the public sector, as large healthcare, infrastructure and energy, and government organizations became the new favoured prey throughout 2021.
After several headline newsworthy incidents, the public sector began taking notes from the private sector’s hard-won lessons and shored up their backup and recovery, as well as their cybersecurity monitoring, detection, and response capabilities.

As large entities in both private and public sectors came under attack, insurance companies bore the brunt of hefty ransomware payouts and criticism that their policies were rewarding bad behaviour. Fast-forward to 2022, and the terms – and costs – of cybersecurity insurance policy renewals have become eye-watering and for some SMBs, prohibitive.

Large businesses and government agencies may be able to absorb the increased expenditures and resources needed to meet the new compliance requirements. However, small and medium sized businesses can struggle to justify the spend when comparing risks, costs, and benefits. Especially with the added assumption that malicious actors only focus their attacks on enterprise sized organizations.

In 2022, that assumption proved to be disastrously wrong. For starters, data protection safeguards against more than just ransomware. It protects organizations from insider threats, accidental deletion or other user errors. It also protects against facility and hardware failures triggered by outdated equipment, misconfigured networks, connection downtimes, and natural disasters that wipe out entire regions.

While other threats have always existed, small and medium-sized businesses were often considered less profitable targets than the Fortune 500 set. And while malware incidents were common, expensive, and disabling, ransomware attacks before 2022 were less common for SMBs. This meant that their backup, recovery, and cybersecurity requirements weren’t as high as their larger peers’, and in turn less investments were made in keeping critical data and systems secure.

As 2022 progressed, that norm rapidly changed.

Ransomware has transformed into a business type of its own, with Ransomware-as-a-Service models, organized programmers providing regular patches and updates, and entire departments dedicated to extorting and processing payments that enable malicious actors to grow their attacks at scale. Some ransomware groups even have toll-free phone numbers that victims are told to call for more instructions, and chat support teams that have queues of victims waiting to pay.

Like all businesses, they need to produce a profit. Cyberattacks on enterprises have become time-intensive, with uncertain success. Even if malicious actors can breach the increased defenses made possible by improved firewalls, anti-spam tools, and virus blockers, their intrusions are increasingly discovered and rooted out by sophisticated cyberthreat detection and response before they can launch the full attack and lock down the victim’s systems. When the attackers can make their ransomware demand, they are increasingly being rebuffed thanks to their victims’ growing ability to fully recover their data and environments with managed backup and recovery services, and reluctant insurance companies balking at the claims.

From the attackers’ point of view, shifting their efforts to less protected, unsuspecting small and medium businesses makes good business sense. While the revenue per attack may be less, the number of attacks and success rate more than makes up the difference. As a result, many SMBs have been devastated in 2022 by downtime, data loss and egress, system corruption, compliance liabilities, steep insurance deductibles and premiums, and reputational damage. For some, these impacts have led to permanent business closure.

As we near the end of 2022, businesses and organizations of all sizes now require enterprise-grade data protection, disaster recovery, and cybersecurity to ensure their business continuity into 2023 and beyond. Thankfully, there are flexible and cost-efficient services available such as Warm Site Disaster Recovery.

Managed Detection and Response (MDR) Has Changed the Playing Field

As threat actors become more prevalent, organized, and multi-pronged in their attacks, businesses need a more coordinated strategy to guard their three main attack surfaces – endpoints, networks, and cloud/SaaS – 24/7. Realistically, most businesses lack the resources to ensure that level of coverage, or the expertise required to keep up with the rapidly evolving threat landscape.

With the necessity, came the invention. Managed Detection and Response Services simplify cybersecurity management with all-in-one 24/7 analyst-verified threat data and prioritized, actionable observations and recommendations to identify and counter cyberthreats before they take hold.

Now businesses of all sizes can block, discover, and disable attacks before they lock down systems and data, denying bad actors the chance to ransom organizations out of business and completely changing the threat landscape playing field.
What are your thoughts on our Trends Report? Let us know!

Data Protection with Cybersecurity, Backup and Recovery Services 2023 Trends Forecast

For forward-looking insights, check out what we’re expecting to trend in Cybersecurity services and Backup and Disaster Recovery services in 2023 as we help organizations plan and implement their cyber resilient Data Protection strategies.

Questions? Contact Us!

Data Protection 2023 Trends Forecast: Cybersecurity, Backup and Disaster Recovery Services

November 25, 2022

Check out what we’re expecting to trend in Cybersecurity services and Backup and Disaster Recovery services in 2023 as we help organizations plan and implement their cyber resilient data protection strategies.

Mandatory Cybersecurity Awareness Training

Storagepipe predicts that threat actors will continue to target end users with phishing and social engineering campaigns by spoofing well-known, trusted, and widely utilized B2B brands such as Microsoft, parcel and mail delivery service providers such as FedEx and DHL, and financial institutions. Human resource brands such as benefit providers or payroll portals are excellent examples of where this trend could head next.

Targeting victims using social media platforms is likely to escalate as well, especially with mixed signals emerging at the end of 2022 around what constitutes a verified account, who is truly verified, and who can be trusted. Malicious actors will take advantage of the confusion and yet again hide behind brands and identities that end users consider safe sources and contacts.

Businesses should treat all emails with attachments and especially those that prompt the user to login to a portal or share their credentials with a high degree of suspicion. Education around these and other best practices will shift from ‘smart to have’, to ‘need to have’ in 2023 as insurance companies stipulate mandatory Cybersecurity Awareness Training for end users and anyone else that has access to a business’s data, systems, and applications.

Cyber Resiliency from Data Loss Prevention to Recovery

Cyber resiliency is top of mind for most IT leaders as they navigate an increasingly complex security and threat landscape where the likelihood of ransomware attacks has transitioned from ‘if’ to ‘when.’

Malicious actors are attacking companies of all sizes, necessitating an enterprise-quality strategy and scalable toolset for small, medium, and large organizations.

Storagepipe predicts a steep increase of small and medium sized businesses taking advantage of emerging and cost-effective services. This increase in mid-market adoption will be driven by IT departments facing an uphill battle with escalating compliance requirements and sophisticated attacks across their endpoints, networks, and SaaS. Realistically, most SMBs lack the resources or expertise to ensure that level of coverage on their own.

IT leaders should ask themselves, ‘Do I have the people and tools to protect the business’s most valuable information assets 24/7?’

2023 will see an increased awareness around the benefits of a multi-layered Cybersecurity framework to protect IT environments. Savvy businesses will look for solutions that provide cyber resiliency, which encompasses Data Protection and Cybersecurity services to deliver combined data loss prevention and recovery capabilities.

Incident and Cyberattack Prevention

Many IT departments are overwhelmed with ‘noise’ from false alarms, activity logs, and putting out day to day fires that stealthy attacks can go undetected until it is too late. Preventative methods such as Managed Detection and Response services simplify cybersecurity management with all-in-one 24/7 threat monitoring, analysis, and response across the three main attack surfaces – endpoints, networks, and cloud/SaaS. MDR services provide businesses with analyst-verified threat data and prioritized, actionable observations and recommendations to identify and counter cyberthreats before they take hold.

Often seen as a recovery tool, backups are earning a spot in the prevention toolbox too. Storagepipe has seen demand for immutable backup options surge. Immutability prevents threat actors from altering your local and cloud backup files, enabling resiliency from disaster by ensuring that you have an uncorrupted copy of your most critical data. Immutable backup copies also enable businesses to meet internal and external retention compliance requirements. Storagepipe provides cloud-based insider protection plus retention built-in with Veeam Backup and Recovery services. We also offer local and cloud-based immutable storage, along with air-gapped archival services for secure long-term data retention.

Regular Cybersecurity Awareness Training empowers employees to spot malicious emails and other attempts to trick them into revealing sensitive details, directly preventing incursions. Managed Anti-Spam services reduce the frequency that end users are faced with malicious email in the first place.

Disaster Recovery and Business Continuity

Recovery options in 2023 will broaden for companies of all sizes, with service providers developing solutions to help meet the demand for rapid recovery at different price points. While data protection was once considered cost-prohibitive for some small and medium-sized businesses, now disaster recovery services like Warm Site Disaster Recovery enable SMBs to achieve critical data and system recovery within a reasonable time and a reasonable budget.

As public cloud platforms continue to grow in popularity, companies will seek to build resilient and flexible backup and disaster recovery plans that grow at scale with their business, no matter where their data and systems reside. Adherence to the 3-2-1-1 Backup Rule as a best practice will continue to gain traction as it supports recovery across hybrid and cloud environments.

The 3-2-1-1 Backup Rule recommends organizations have 3 copies of their data. At least 2 of those backups should be stored on different media, 1 of which needs to be offsite, and 1 that is offline. The 3rd copy can be local, or in the cloud. Veeam Cloud Connect helps businesses to ensure they have a copy of their data offsite by easily extending to the cloud for online Backup, Replication and Disaster Recovery. Services like specialized Public Cloud Backup as a Service for Azure, AWS, and IBM Cloud will support secure public cloud adoption throughout 2023.

Storagepipe also offers pre-configured local Veeam Appliances equipped with immutable storage, providing rapid recovery capabilities from ransomware attacks and other urgent threats. Extended cloud immutability offers longer-term cloud recovery capabilities and is a popular option for many businesses as we head into 2023.

Microsoft 365 Data Protection Continues

In the rush to adopt, migrate, and deploy Microsoft 365 over the past couple of years, data protection considerations may have been overlooked by some organizations. While many appreciate the collaboration made possible with Microsoft 365, some are unaware that the data generated by these applications is their business’s responsibility to protect. Microsoft does not perform backups on your behalf, and they do not provide recovery services.

Microsoft’s Shared Responsibility Model states that they are responsible for ensuring that the platform remains accessible and available, while the customer is responsible for ensuring that their data is backed up and recoverable in the event of a disaster. If an adverse incident such as a ransomware attack strikes, Microsoft will not recover your data for you.

Storagepipe will continue to spread awareness of these dangers to your data and work with businesses of all sizes to put effective managed anti-spam, backup, and disaster recovery plans in place.

Learn how organizations can achieve complete Microsoft 365 Data Protection in our helpful guide here or contact us today for a demo!

Horrors of Not Having a Disaster Recovery Plan

October 6, 2022

From Server Street to the Cloud, It’s a Nightmare Everywhere!!!!

Cyber criminals aren’t waiting until Halloween to trick you into losing your important data from your business, and you shouldn’t wait to put a Disaster Recovery Plan in place to protect your business either!
Here’s why…

Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes. Around 90% of attacked companies suffer an average cost of $1.55 million USD each year while the average downtime due to a ransomware attack is 19 days. (Coveware)

For many organizations, these negative impacts can result in compliance and regulatory issues, damage to their reputation and profitability, and in some cases even leads to business closures. Business leaders are increasingly finding that the cost of cybersecurity inaction is too high.

If your organization is attacked, are you prepared? Do you have a ransomware recovery or disaster recovery plan in place?

This Cyber Security Awareness Month, Storagepipe is here to guide you through the process and information that you need to gather, assess, and build upon for effective data Backup and Disaster Recovery. Download your copy of our Disaster Recovery Plan Template here!

What are the biggest threats to your organization’s systems and data today?

Gartner Peer Insights and Storagepipe surveyed 100 IT leaders to discover their concerns, predictions, and challenges when it comes to disaster recovery. Read on for key insights or download the full report here!

When asked what they considered to be the biggest threats to their systems and data today, we found that IT leaders believe cybersecurity threats to be a key concern overall. Nearly half of the 100 surveyed (40%) say that ransomware/malware is their top concern, followed by user error (24%) and backup and recovery failure (15%).

These responses bring up the question…

How strong is your Disaster Recovery Plan?

Is your organization using effective cybersecurity and data protection strategies, solutions and/or services to ensure that your data, and systems and your customers’ data and privacy are protected?

When we asked this question, 96% of respondents said they’re using proactive cybersecurity to ensure the availability of their data, but only 59% of respondents said they’re doing this for their business systems.

Protect your organization from Cybersecurity Horrors with our DR Plan

A well-prepared ransomware recovery plan recognizes that a disruption to your business for even a few hours can result in significant financial and reputational repercussions. The plan should include Recovery Point Objective (RPO) and Recovery Time Objective (RTO) directives that guide decisions, procedures, and backup and disaster recovery services that ensure that your business survives with as little damage as possible.

Storagepipe can help identify weak points in your cyber resilience posture and provide a combination of cybersecurity services to help protect your business. Share your cybersecurity concerns today to see how we can help!

Get Your Halloween Disaster Recovery Plan Treat!

There are no tricks here! Read our Disaster Recovery Buyer’s Guide now to learn what you need to be prepared. Download your copy of our Disaster Recovery Plan Template for effective data Backup and Disaster Recovery.

Stay Safe in the Cloud with Storagepipe

How Strong is Your Disaster Recovery Safety Net?

October 6, 2022

Ransomware and other cyberthreats are changing business’s needs for data protection across their on-premise, private cloud, SaaS, and public cloud environments.
If your organization is attacked, are you ready? Do you have a ransomware or disaster recovery plan in place?

Storagepipe has put together a template to guide you through the process and information that you need to gather, assess, and build upon for effective data Backup and Disaster Recovery. Download your copy of our Disaster Recovery Plan Template here!

As ransomware attacks have become an inevitability, disaster recovery is more important than ever before. However, with competing budget and security priorities many organizations are left exposed and unprepared.

Gartner Peer Insights and Storagepipe surveyed 100 engineering, security, IT, and operations leaders to discover their concerns, predictions, and challenges when it comes to disaster recovery. Read on for key insights or download the full report here!

What are the biggest threats to your businesses systems and data today?

When asked what they considered to be the biggest threats to their systems and data today, we found that IT leaders believe cybersecurity threats to be a key concern overall. Nearly half of the 100 surveyed (40%) said that ransomware/malware is their top concern, followed by user error (24%) and backup and recovery failure (15%).

When asked if their organization had experienced a data breach or cyberattack in the past two years, the majority (44%) of respondents said that they did, 42% said they did not and 14% were not sure.

Of those who have experienced a breach in the last 2 years, 61% said that breach was caused by malicious emails.

Additionally, only 2% of respondents said their end users have not experienced some form of email phishing.

Analyzing this data and these responses brings us back to the question –

How strong is your disaster recovery safety net after all?

Is your organization using effective cybersecurity and data protection strategies, solutions and/or services to ensure that your data and systems as well as your customers’ data and privacy are protected?

When we asked this question, 96% of respondents said that they’re using proactive cybersecurity to ensure the availability of their data, but only 59% of respondents said that they’re doing this for their business systems.

How are they protecting their data? Take a look here:

82% of tech leaders are using either a Managed Backup as a Service provider or a Managed Disaster Recovery as a Service provider to protect their business while 72% of tech leaders are using tools available through their Cloud provider to protect their Cloud environments. What’s interesting is that even amongst those using Cloud Provider tools, 80% of those are also using either a Managed Backup as a Service provider or a Managed Disaster Recovery as a Service provider for additional protection and expertise.

If you were attacked by ransomware today, how quickly would you be able to recover all your systems, data, and business operations?

70% of respondents said that if they were attacked by ransomware, they’d be able to recover all their systems within 24 hours, and 12% said it would take more than 48 hours.

24 hours or less is not fast enough for most business recovery time objectives (RTOs). If your current services and solutions are unable to recover and restore your data quickly enough to meet your RTO, the business stands to suffer unacceptable downtime, damage, and consequences.

No matter the size, location, or industry, organizations need to take the time to put together a well-thought-out and practical disaster recovery strategy for implementing cybersecurity and DR best practices.

Organizations should have an easy-to-understand step-by-step guide on what to do in a data emergency so that employees, partners and vendors understand their roles, responsibilities and the resources available to them before, during and after a crisis strikes.

What backup and disaster recovery software does your organization have in place today? Is your organization considering immutable storage to protect data from cybersecurity threats?
Download this report to find out what 100 IT leaders have to say about this!

Strengthen Your Security Posture with our Disaster Recovery Plan

Many companies large and small are searching for flexible and affordable cybersecurity and ransomware recovery services that can help them be more proactive and also recover from ransomware across their endpoints, network, cloud, and SaaS applications.

A well-prepared ransomware or disaster recovery plan recognizes that a disruption to your business for even a few hours can result in significant financial and reputational repercussions. The plan should include Recovery Point Objective (RPO) and Recovery Time Objective (RTO) directives that guide decisions, procedures, and cybersecurity, backup and disaster recovery services that ensure that your business survives with as little damage as possible.

Download your copy of our Disaster Recovery Plan Template!

Ransomware Prevention with Managed Cybersecurity Services

Contact our cybersecurity and disaster recovery experts today to explore your best ransomware protection options!

How Cyber Security Awareness Training Strengthens Your Business

September 9, 2022

No matter how large or small your business is, it’s a target for cybercriminals, and the bullseye is squarely on the backs of employees. Cyberthreats range from malicious emails and social media to sophisticated ransomware attacks. In a related study, Storagepipe found that 61% of surveyed IT pros reported that their organization had experienced ransomware, a data breach or cyberattack caused by malicious emails in the past two years.

Your organization’s cybersecurity is only as strong as your employees’ ability to identify, avoid, and report suspicious activity. It takes a single unwitting click on a phishing link to grant criminals access to everything on a given network and, in some cases, beyond into other systems and applications.

With a reported 150% rise in ransomware attacks between April 2020 and July 2021, it is becoming increasingly important and essential for end users with access to business systems to learn more about how they can protect themselves and their organizations from various types of cyberthreats. Organizations that want to transform end users from the weakest link in the security chain into a truly resilient first line of cyber defense are exploring ways to effectively educate their employees.

Gartner Peer Insights and Storagepipe surveyed 341 tech decision makers to find out what the current state of cyber security awareness training is in their organizations and the common challenges they are facing. Here’s what they had to say:

Most (64%) decision makers describe the average employee’s understanding of cybersecurity best practices within their organization as satisfactory. Over a quarter (28%) believe employee cybersecurity awareness is below where it should be. We think that this is a concerning red flag that savvy IT leaders should heed.

Given our experiences helping customers with data protection and disaster recovery services for over 20 years, Storagepipe understands the importance of cybersecurity awareness training and the difference that it makes to a company’s cyber resiliency. We have seen the damage caused by a careless click or unwitting download and want to share our insights so that you can learn from our experiences pain-free.

Types of Cyber Security Threats That Target Employees:

Here are the top cybersecurity threats that your employees need to be aware of:

Malware Attacks: Malware is malicious software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Examples of common malware include viruses, worms, trojan viruses, spyware, adware, and ransomware.

To learn more about malware, check out our series “Why Malware Happens” where we discuss everything from Spam and Botnets, to Phishing and Social Engineering.

Looking for insights around ransomware prevention and recovery? See our report or book a demo with our team!

Password Attacks: One of the most common forms of corporate and personal data breach is where attackers try to gain access to password protected accounts by stealing passwords using social engineering tactics or guessing them using random or systematic methods. A strong password creation and management strategy as well as two-factor authentication (2FA) or more robust multifactor authentication (MFA) are needed to prevent such attacks.
Social Engineering Attacks: These types of attacks work by convincing victims that the attacker is someone they know like a colleague or friend. Social media platforms are often used to study and access victims and compromised or spoofed email addresses are used to send malicious messages and links. Under the guise of being someone that the victim trusts, the attacker manipulates the victim into divulging sensitive information or performing tasks that aide the attacker in their scam.
Read more about some common social engineering attacks in our April Fools blog where we have 7 Tips for The April Fool in All of Us!

Our suggestions are supported by stats from IT leaders. When we asked 341 tech decision makers what their biggest cybersecurity concerns were, here’s what they had to say:

The most common concern for end user cybersecurity risk among decision makers is phishing scams (77%), followed by passwords/access management (70%), and social engineering (54%). That is why some of the most common cybersecurity protocols in place are strong password policies and phishing tests.
But is that enough?

Security teams can implement an array of cybersecurity tools to protect business-critical assets, but they cannot necessarily control end user behavior around cybersecurity practices. End users may still be responsible for setting passwords and deciding if email is suspicious on a daily basis, both of which are vulnerable entry points for major cybersecurity breaches if incorrectly addressed. The better-informed end users are around cybersecurity, the better they will manage their responsibilities and help mitigate risk to the business.

Employee Negligence One of the Top Threats to Cybersecurity

When we asked IT leaders how serious they think employee negligence is when it comes to cybersecurity risks to their organizations, here’s how they responded:

Most (53%) decision makers agree that employee negligence is one of the top sources of cybersecurity risk. Here’s how serious it is:

Consider the number of user errors that result in security incidents each year. Then think about the subsequent productivity losses and the person-hours required for recovery. Now, factor in any regulatory fines and the loss of customer trust and business reputation. That reduction could easily mean the difference between thriving and struggling as a business.

So, what can organizations do to minimize it? Thankfully, businesses are paying attention and taking preventative and corrective action.

We asked IT leaders and decision makers what measures they have in place to minimize risky user behavior resulting in a decrease in cybersecurity incidents in their organizations. See their responses below:

The most common cybersecurity protocols in place are strong password policies (74%) and phishing tests (65%). Cybersecurity awareness computer-based training (SACBT) platforms (53%) and employee knowledge testing (52%) are also gaining popularity and are not very far behind. Majority of businesses are taking steps to implement cybersecurity awareness training for employees with a multi layered approach.

Storagepipe has found that implementing engaging training courses and faux phishing campaigns to help test end users’ knowledge are key to ensuring that employees gain and retain valuable cybersecurity awareness and skills as well as help to identify employees that are susceptible to phishing. These employees can automatically receive additional training to enable better learning outcomes and overall cybersecurity for your organization.

Download the full report to find out what are the common challenges decision makers face when it comes to providing Cybersecurity Awareness Training to end users and employees. Tech decision makers can use this report to benchmark against their peers. Get your copy today!

Cyber Security Awareness Training Programs:

The National Security Agency reports that over 90% of cyber attacks are preventable with basic Cyber Security Awareness Training. So, by just taking a cybersecurity awareness course and keeping in mind all the points listed in this article, you might already be a few steps ahead of those cyber-criminals and save yourself from serious issues and huge losses!

Running quarterly cybersecurity awareness training programs along with simulated phishing campaigns often results in a reduction in end-user click-through rates on the test emails and their faux links. When the click-through rate on phishing simulations drops during training sessions, end users carry over that cybersecurity savviness into the real world, resulting in reduced clicks on malicious emails.

Storagepipe’s Cyber Security Awareness Training provides the continuous, relevant, and measurable testing and education that businesses need to minimize risky user behaviors and resulting security incidents. We also provide in-depth and executive summary reports on training and campaign results that enable IT departments to easily track and share key performance indicators with organizational stakeholders for improved visibility, decision-making processes, and outcomes.

Secure your business and employees while improving cyber resilience to minimize security incidents and unforeseen costs.

Let’s Connect!

Ransomware Statistics to Guide Your Ransomware Recovery Plan

September 8, 2022

What is Ransomware?

A ransomware attack is when malicious threat actors strike organizations with malware that encrypts data and paralyzes systems and networks, refusing to restore them until a ransom demand is met. Oftentimes even when payment is made, the data is never recovered.

These ransomware attacks first focused on large institutions and enterprises, prompting urgent cybersecurity upgrades across industries. Increasingly, threat actors are shifting their sights from large companies that have made investments in their defenses, to vulnerable small and medium sized businesses that are easier targets.

As ransomware attacks continue to create headlines, the data protection and cybersecurity experts at Storagepipe wondered, ‘What are technology decision-makers really experiencing in the fight against ransomware?’

Gartner Peer Insights and Storagepipe surveyed 331 technology professionals who shared ransomware statistics and insights like:

• How many have experienced ransomware, and what were the outcomes
• What makes an organization vulnerable to ransomware
• Why ransomware attacks have been increasing

Download the full report for Ransomware Insights here!

How Common is Ransomware?

Overall, most IT leaders (57%) believe that their organization is likely to be hit by a ransomware attack in the next 12 months.

Over 70% of IT leaders have worked in an organization that has experienced a ransomware incident.
Of those who have already experienced a ransomware attack (n = 234), 62% believe an attack is also likely in the future, compared to 45% of those who haven’t experienced a ransomware attack (n=97).

How Many Businesses Pay Ransomware?

At least 12% of ransomware attacks involved ransomware payments.

Desperate and ill-advised ransomware payments often fail to return the business to normal and verify for the attackers that the business is a profitable target that they should hit again for ransomware double extortion.

Overall, following a ransomware attack, only 54% of leaders were able to fully recover their data. However, for those whose organization paid the ransom (n = 29), 52% experienced full ransomware data recovery, compared to 65% for those whose organization did not pay the ransom (n = 147).

Despite the common-sense wisdom of ‘never reward bad behavior’ and the ransomware stats to back that up, a staggering 45% of surveyed respondents agreed that ransomware payments should be considered an operating cost for businesses.

And only 22% replied that organizations should never pay ransomware demands. As one VP pointed out, “People are paying, so there is a market. Frankly, I’d rather pay the penalty than pay the criminals.”

What are the Effects of Ransomware on Businesses?

As for repercussions, business reputational damage is viewed as the biggest consequence of a successful ransomware attack (83%), followed by the fear that it could inspire further or copycat ransomware attacks (70%), and concerns around government sanctions potentially being levied against them for making the ransomware payment (34%).

Businesses also acknowledge the negative impacts on their workforce, with 28% replying that they worry about staff redundancies to recuperate costs, and 27% fearing an expected loss of their C-Suite.

What are Ransomware Vulnerabilities?

Employees are the number one vulnerability point exploited by ransomware attacks, with 78% reporting employee negligence like weak passwords and accidental data exfiltration topping the list tied with ransomware attack vectors like email phishing and other social engineering campaigns.

Want more? Download the full report here for ransomware statistics revealing the industries that are most likely to be hit by ransomware attacks and the single main reason an organization falls victim to a ransomware attack!

Now that we understand the current ransomware and threat landscape, let’s look at how we can protect against ransomware with prevention and recovery strategies and services.

How to Protect Against Ransomware?

While it takes some planning, a cybersecurity strategy that is as multi-layered as your business is the best approach. This factors in how to protect your end users from falling prey to phishing all the way to 24/7 network monitoring for threat and vulnerability identification, to cloud monitoring for your SaaS applications like Microsoft 365, G Suite, Amazon Web Services, Azure, Dropbox and more.

Storagepipe has found that cybersecurity awareness training paired with simulated phishing campaigns provide organizations with a capability to evaluate and educate their end users on how to identify and avoid malicious ransomware emails and social media scams. Having cybersecurity-savvy end users leads to a reduction in risky behavior, threat exposure, and cybersecurity incidents.

Ransomware prevention technologies such as managed detection and response services (MDR) and robust anti-spam and anti-virus tools are critical to successful ransomware protection. In an increasingly hybrid office world, implementing strong end user and endpoint cybersecurity is critical. When compared to a centralized office environment that may have firewalls and other safeguards in place, remote work can require additional protections. Modern cybersecurity as a service (SECaaS) solutions combine endpoint cybersecurity with managed detection and response services for a comprehensive cybersecurity plan to protect multiple attack surfaces.

Recovery from Ransomware

Unfortunately, an ounce of prevention does not always result in a pound of cure. Many companies large and small are searching for flexible and affordable ransomware recovery services that can help them recover from ransomware across their endpoints, network, cloud, and SaaS applications.

Storagepipe excels at matching our customers’ business needs to the right disaster recovery services to meet their objectives, budget, and business model. For example, a disaster recovery service can help eliminate downtime impacts on production systems by providing options for full or partial failover so that your business can continue to operate while full restoration is completed behind the scenes. In addition to hot site high availability disaster recovery, Storagepipe offers innovative warm site disaster recovery that enables affordable staged recovery based on the business criticality and priority of your systems.

Contact our disaster recovery experts today to explore your best ransomware protection options!

Understanding Shadow IT: Risks, Benefits & Solutions

August 22, 2022

What is Shadow IT?

The term Shadow IT refers to information technology applications, software, systems, services, and endpoint devices that are utilized by an organization’s employees and/or end users without their IT department’s approval and support, and oftentimes operate outside of the enforcement of protective policies, data loss prevention strategies, and recovery solutions.

Read on for insights on Shadow IT impacts, benefits, risks and solutions from surveyed industry leaders and our experts.

Want more info? Download the full Shadow IT trends report here.

How Common Is Shadow IT?

When Storagepipe and Gartner Peer Insights polled 349 technology leaders and decision makers, over three quarters of respondents (78%) replied that Shadow IT is currently occurring at their organization.

Is Shadow IT Good for Business?

The question of whether Shadow IT is good for business is a controversial one. When surveyed, tech leaders whose workforces are actively participating in Shadow IT had split opinions with 41% replying that the practice has had a positive impact on their organization, while 39% replied that it has had a negative impact.

While the above stats show that general positive sentiment outweighs the negative among those who use Shadow IT, when the extreme ends of the scale are examined, only 1% think that it has had a strong positive impact, while 3% report a strong negative impact.

Another curious detail is the 15% of respondents that replied that Shadow IT has had no impact, which begs the question: if there’s no positives to be gained, why keep it in practice?

When the data from all respondents (those that do and don’t have Shadow IT active today) is examined, 28% feel that Shadow IT is somewhat positive, 32% say it’s neither positive or negative, and 29% say it’s somewhat negative, suggesting an uneasy overall ambivalence.

That is, until you look at the extreme ends of the scale again. This time, 3% of respondents reply that Shadow It is very positive, and 7% reply that it is very negative.

What is driving such a mixed reaction, despite the potential risks? Let’s find out…

What are some potential risks of Shadow IT?

Since many organizations struggle to monitor Shadow IT data use or the extent of confidential, sensitive, or proprietary information sharing occurring, data leakage is a major, underreported problem that is going unaddressed in many organizations. Left unchecked, this usage may have larger cybersecurity, compliance and competitive consequences that are difficult to assess and fully appreciate until it is too late.

For example, “Organizations can’t protect what they don’t know exists,” shares Storagepipe CEO and President, Steven Rodin. “Shadow IT eliminates organizations’ ability to use their standard backup and retention policies or disaster recovery plan to recover affected data and applications. These systems exist outside of their control and create big gaps in data protection and business continuity that can result in critical and damaging data loss, downtime, and regulatory penalties.”

While it is tempting to value the upfront workload relief, smart technology leaders know that their IT workload will explode into an unmanageable mess the moment their company’s use of Shadow IT becomes a vector for a cyberattack, leads to customer data loss and compliance action, enables insider threat actors to walk away with intelligence and into the arms of a competitor, or a myriad of other equally damaging disasters occurs.

What are some potential benefits of Shadow IT?

Despite the risks, the use of Shadow IT is persistent and widespread across all industries and business sizes, suggesting that there are positives for employees and the companies where they work.

Surveyed respondents agreed, with 92% indicating that there are benefits to the practice, including increased innovation (50%) and improved end-user satisfaction (40%). Increased IT agility, improved end-user productivity, and reduced IT workload tied for third place (36%).

Organizations can learn from employees who utilize unapproved applications such as large file sharing and storage tools, project management software, appointment-booking and other aides for their personal and professional convenience. Companies can gain insights on where there are gaps in the approved technology stack, assess the benefits that these rogue tools deliver, compare against their evolving business needs, and potentially bring them out of the shadows and into the approved fold. This will enable the organization to benefit from their full potential while also enjoying protection and oversight from the IT department to reduce risk and effectively respond to incidents.

Are there hidden costs in Shadow IT?

Considering that ‘reduced IT workload’ benefit ranked high, there may be pushback from IT staff when asked to monitor and manage this additional workload and the dedicated resources and budget that requires.

Efforts are being made at many companies despite the challenges. Of the respondents whose workforces currently practice Shadow IT, 73% spend up to 20% of their overall IT budget on the practice.
Despite these investments, 74% shared that while IT has some oversight with Shadow IT, gaps remain.

Shadow IT Solutions: MDR (Monitoring, Detection & Response) and Disaster Recovery Planning

What if organizations could harness the benefits that Shadow IT delivers while proactively mitigating the risks in real-time and keeping their IT workloads and budgets under control?

As 13% of respondents with Shadow IT know, continuous monitoring and centralized control procedures can provide effective and comprehensive visibility and management. Also known as monitoring, detection, and response (MDR), this managed service is focused on the security of endpoints, the network, and the public cloud, providing visibility into the Shadow IT realm. Whether an end user plugged a device into the network or installed a questionable program on their computer, MDR can identify, assess, and resolve many issues introduced by Shadow IT before they become problems for the business.

Storagepipe always recommends a multi-layered approach to cybersecurity and IT-related business continuity. In addition to MDR, establishing organization-wide guidelines such as a disaster recovery plan (get our template here!) can help uncover and document Shadow IT elements, and consistent cybersecurity awareness training can inform and support employees to avoid risky behavior. Encouraging and where possible mandating Two Factor (2FA) or Multifactor Authentication (MFA) can help keep systems and applications secure, even those without official IT oversight.

Lastly, the first step that every organization should take in their data protection strategy is to implement a backup and recovery solution that can protect their on-prem, cloud, and SaaS data and systems, works for their budget and business model, and meets their Recovery Point Objectives and Recovery Time Objectives. After all, you can’t recover what you haven’t saved.

Want more insights about Shadow IT and quotes from leading technology professionals on how they’re approaching the challenges? Get the full Storagepipe and Gartner Peer Insights Shadow IT survey report here.

Want to see how these solutions can work for you? Contact us!

Cybersecurity Awareness: 7 Tips For The April Fool In All Of Us

April 1, 2022

Let’s be honest, nearly all of us have been victims of a friendly April Fool’s prank at some point. The day (and month!) is full of (mostly) harmless pranks and jokes by friends and family. But let’s not forget that getting targeted by hackers and cyber criminals is also very much a reality. Pranksters love to play jokes on businesses and unsuspecting individuals, but cybercriminals like to take advantage of this time to cause serious security incidents with unforeseen costs.

April fools’ day is not the only day these cybercriminals use to take advantage of people’s naivety and lack of awareness, the frequency of these cyber crimes has actually been growing for a while. With a reported 150% rise in ransomware attacks between April 2020 and July 2021, it is becoming increasingly important and essential for people, especially employees to learn more about how they can protect themselves as well as their organizations from hackers and different types of cyber criminals.

This April Fool’s Day, Storagepipe would like to raise awareness around cyber-attacks, share with you some common examples of the tactics used by cyber criminals and discuss how you can identify scams and protect yourself, your businesses, your employees and your customers.
Let’s get right into it. Here are some of the most famous internet and telephone scams that you must have heard of:

The CRA Scam:

This is a very common scam in Canada, especially during tax season. You might receive calls or emails that may seem to be from the Canada Revenue Agency (CRA). You might be told that you owe taxes or that you are in trouble with the tax department and that you must make payments or give out your credit card or banking information. Sometimes they might even send you links to fake websites that might look exactly like the real CRA website. It is best to just hang up on the call or delete these emails. The real CRA will never call, email, or text you asking for this kind of information.

The Prize / Lottery Scams:

In these types of scams, you might get a phone call or email saying that you have won a prize, such as cash, a car, an iPhone or a vacation. The scammer will tell you that you need to make a payment to collect your prize, and they might ask for your credit card or banking information. You obviously won’t receive the prize that you were promised but now the scammer can make charges on your credit card, or worse drain your bank account. Once you lose the money, you probably will not get it back.

The Nigerian Prince / Emergency / “Grandparent” Scams:

In these types of scams, the scammers pretend to be close friends or relatives in trouble. A very common one is when the scammer pretends to be a long-lost relative who is a Nigerian prince that needs your help to save his life or to move large sums of money internationally. This scam is so popular and successful at reeling in victims that it’s earned the name, ‘cat fishing.’ They might ask you to send money because of an accident, an injury, an arrest, or a robbery. And just like with all the other scams, this is likely just a way for scammers to get access to your bank account. They often target seniors but anyone of any age can be the victim of these kind of scams.

Other examples include phishing, social media account hacking, fake cryptocurrency, fake charities, fake lotteries, fake surveys, fake kidnapping, fake tech support, fake free stuff, identity theft, and the list goes on and on!

Now that we’ve talked about how hackers commonly target individuals and employees, let’s discuss what you could do to prevent yourself from falling for their tactics. Here are some ways you can ensure that you, your data and your systems are protected:

1. Adopt a strong Password Management strategy:

It is always advised to use strong, unique and difficult to guess passwords for all your accounts and devices to ensure your data is protected across all different systems. We understand that it can be hard to remember numerous unique alphanumeric combinations (which aren’t a combination of your dog’s name and your birth date) for different accounts and devices, that’s why we recommend using a reliable password manager service. A secure password manager can automate the process of creating, encrypting and storing individual passwords so that you don’t have to remember dozens of them at all times. Also, don’t forget to keep updating these passwords every now and then as another precautionary measure.

2. Utilize Multi-factor Authentication features:

Using a multi step verification/ authentication process while logging into your accounts and devices adds another layer of security to your data protection strategy. Using a reliable authenticator app or using built in application-based unique one-time-passwords (OTP) through email, text messages or calls are very helpful in this process. They are used to add another layer of protection to prevent access in case hackers somehow gain access to your passwords.

3. Do NOT click on links or attachments from unknown email addresses:

It only takes ONE wrong click to download viruses or give hackers access to your entire computer system. So, if you receive suspicious emails with links or attachments, don’t click on them unless you’re absolutely sure they are from reliable sources.

Storagepipe provides superior protection against ransomware, viruses, malware, spear phishing, email DDOS and undesirable emails. Our Fully Managed Anti-Virus and Anti-Spam Services are just what you need to strengthen your multi-platform threat prevention strategy.

4. Look for the ‘S’ in https:

Continuing with the above listed point, another good indicator of a potential problem is if you receive a URL in an email without the ‘S’ after the http in the link. The ‘S’ literally stands for ‘secure’ and indicates that the website has an SSL (Secure Socket Layer) certificate. You should always hover your mouse over any link to see it’s true destination and if you can’t see the ‘S’, you definitely should NOT click on the URL.

5. Invest in Cybersecurity Awareness Training programs:

The National Security Agency reports that over 90% of cyber attacks are preventable with basic Cybersecurity Awareness Training. So, by just taking a cybersecurity awareness course and keeping in mind all the points listed in this article, you might already be a few steps ahead of those cyber-criminals and save yourself from serious issues and huge losses!

No matter how large or small a business is, it’s a target for cybercriminals. That’s because it can only take a single unwitting click on a phishing link to grant criminals access to everything on a given network and, in some cases, beyond. It’s also why security awareness training and phishing simulations are essential for organizations who want to transform end users from the weakest link in the security chain, into a truly resilient first line of cyber defense.

Storagepipe’s Cybersecurity Awareness Training provides the continuous, relevant, and measurable testing and education that businesses need to minimize risky user behaviors and resulting security incidents.

6. Schedule regular Data Backups:

Storagepipe’s Backup as a Service (BaaS) solutions provide Complete Data Protection for VMware, Hyper-V and Physical Systems among other things.

World Backup Day falls on March 31st every year, the day before April Fools Day, which is perfect timing to make sure all your regular data backups are scheduled are running properly across all devices and platforms. The “I’ll do it tomorrow” approach on World Backup Day could land you in some serious trouble in case you get fooled the very next day on April Fools’ Day!

If you’re not sure where to begin, here’s a guide Storagepipe created with 3 Effective Data Backup and Recovery Strategies to help you plan things better and be prepared with a recovery plan in case disaster strikes! Which brings us to our final point below.

7. Have a Disaster Recovery Plan ready:

No matter the size, location, or industry, organizations need to take the time to put together a well-thought-out and practical strategy for implementing DR best practices and scheduled maintenance.

We hope you can now better understand how common and dangerous cyber threats, hacking, viruses, malware, ransomware and other cyber attacks are. However, more than 90% of these incidents are preventable with the right kind of Cybersecurity Awareness Training.
If you spend some time learning more about how these cyber attacks work, how hackers and scammers approach people, what kind of tactics they use and how you can deal with them, you can prevent cyber attacks and protect yourself from becoming one of their victims.
The World Wide Web is an incredible source of information, innovation, and entertainment! Have fun with it, keep learning new things, all while staying vigilant and safe on the internet!

Learn more about Storagepipe’s Cybersecurity Awareness Training!

Have any questions? Contact Us to learn more about all our services!

Happy April Fools’ Day! We promise we won’t fool you though!

Backup and Data Recovery Trends 2021 Vs 2022

December 20, 2021

Hello friends,

2021 marks Storagepipe’s 20th anniversary as a cloud backup and disaster recovery innovator and pioneer, and we couldn’t have done it without our customers, partners, and supporters like you. Thank you for your continued trust and collaboration, which gives us the opportunity to do what we enjoy everyday.

As we close out the year, here’s our annual roundup of Backup and Data Recovery Trends for 2021, and what we are expecting for 2022.

Ransomware Focuses on Infrastructure

Ransomware continued to threaten security for organizations of all stripes and sizes, with the European Union Agency for Cybersecurity (ENISA) reporting a 150% rise in ransomware attacks between April 2020 and July 2021.

Over the year, targeting became increasingly focused on certain sectors. Globally, there was a significant increase in attacks on industrial companies. CBC reports that in Canada, in 2021 ransomware attacks were focused on organizations providing critical infrastructure and services such as medical institutions, energy providers, and manufacturers. The US Treasury shared that ransomware payouts in 2021 could equal more than the total amount paid over the last decade. Given the profitability, security experts predict that ransomware cases will continue to rise in 2022.

Check out Storagepipe’s Ransomware Series where we discuss ransomware best practices and critical steps to evaluate your risk level, protect your business, and rapidly recover from data disasters.

Natural Disasters Causing Technical Disaster

The increase in natural disasters experienced worldwide in 2021 has highlighted businesses’ vulnerability to uncontrollable and localized disruptions to their facilities and hardware. A natural disaster may strike anywhere and occur in the form of fires, floods, hurricanes, winter storms, earthquakes, and lightening strikes that can cause power surges and other damage leading to significant downtime and costs. With the escalating rate of severe weather events happening worldwide, prevention of data loss due to natural disasters will continue to be a pressing concern in 2022.

Click here to read more on how to Enable Data Loss Prevention in Case of Natural Disasters

Remote Work is Here to Stay

2020 saw a mass migration of businesses and their workers moving to remote work, and the trend is here to stay. Storagepipe has helped our customers throughout the pandemic, from enabling businesses to rapidly adopt remote collaboration technologies like Microsoft Teams and SharePoint, to ensuring email continuity and integrity with Managed Anti-Spam. And as always, our core is backing up your valuable data and ensuring disaster recovery for your critical systems when emergencies strike.

Click here to see how you can securely support remote workers in the Cloud.

About Storagepipe

Storagepipe is a trusted global provider of comprehensive cloud, data protection and security services.

Since 2001, Storagepipe has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Storagepipe delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Storagepipe Experience that meets your business requirements with the reliability, scalability and support that your business demands.

Have questions? Contact Us!

Storagepipe Acquired by Thrive for Canadian Expansion

Storagepipe Named Veeam Cloud & Service Provider Partner of the Year 2021 for Canada