We’re wrapping up the year with our annual Data Protection, Backup and Recovery Trends Report, where we share the most urgent, prevalent, and emerging challenges that we helped our customers solve with managed Cybersecurity , Backup as a Service and Disaster Recovery Services.
As we look back on 2022, we appreciate all the customers, partners, and supporters that joined us through a challenging winter, a fast-paced summer, and an autumn jam-packed with new opportunities.
Understanding this past year’s trends helps you to establish a benchmark as you consider your organization’s Data Protection opportunities and challenges and begin to plan for 2023.
Microsoft 365 Migration Shifted to M365 Data Protection
After a rapid adoption phase in 2020 – 2021 spurred by expected growth in digital transformation initiatives and the unexpected Covid-19 pandemic necessitating a massive shift to remote and hybrid work models, IT departments began reassessing their data protection needs in 2022.
In the rush to adopt, migrate, and deploy, data protection considerations can be overlooked. While many appreciate the collaboration made possible with Microsoft 365, some are unaware that the protection of data generated by these applications is their business’s responsibility. Microsoft does not perform backups on a company’s behalf, and they do not provide recovery services.
Microsoft’s Shared Responsibility Model states that they are responsible for ensuring that the platform remains accessible and available, while the customer is responsible for ensuring that their data is backed up and recoverable in the event of a disaster. If an adverse incident such as a security breach or ransomware attack strikes, Microsoft will not recover your data for you.
The risk of falling victim to ransomware is ever-present, with phishing emails and their mishandling by end users continuing as the #1 vulnerability vector. Malicious actors took advantage of the trust people have in Microsoft’s brand by embedding well-known file types such as Excel and Word with malicious links and code and adding them as email attachments from addresses that include ‘outlook’ in their domain. These tactics almost doubled in popularity between Q1 and Q2 2022.
Throughout 2022, Storagepipe has spread awareness of these dangers to your data and worked with businesses of all sizes to put effective managed anti-spam, backup, and disaster recovery plans in place.
Learn how organizations can achieve complete Microsoft 365 Data Protection in our helpful guide here.
All Businesses At Risk For Ransomware
In 2020, bad actors attacked big, enterprise targets – companies that had the deep pockets to pay out. As those businesses strengthened their cybersecurity posture and disaster recovery plans in response, they became more challenging to victimize. This spurred a shift in tactics from the private to the public sector, as large healthcare, infrastructure and energy, and government organizations became the new favoured prey throughout 2021.
After several headline newsworthy incidents, the public sector began taking notes from the private sector’s hard-won lessons and shored up their backup and recovery, as well as their cybersecurity monitoring, detection, and response capabilities.
As large entities in both private and public sectors came under attack, insurance companies bore the brunt of hefty ransomware payouts and criticism that their policies were rewarding bad behaviour. Fast-forward to 2022, and the terms – and costs – of cybersecurity insurance policy renewals have become eye-watering and for some SMBs, prohibitive.
Large businesses and government agencies may be able to absorb the increased expenditures and resources needed to meet the new compliance requirements. However, small and medium sized businesses can struggle to justify the spend when comparing risks, costs, and benefits. Especially with the added assumption that malicious actors only focus their attacks on enterprise sized organizations.
In 2022, that assumption proved to be disastrously wrong. For starters, data protection safeguards against more than just ransomware. It protects organizations from insider threats, accidental deletion or other user errors. It also protects against facility and hardware failures triggered by outdated equipment, misconfigured networks, connection downtimes, and natural disasters that wipe out entire regions.
While other threats have always existed, small and medium-sized businesses were often considered less profitable targets than the Fortune 500 set. And while malware incidents were common, expensive, and disabling, ransomware attacks before 2022 were less common for SMBs. This meant that their backup, recovery, and cybersecurity requirements weren’t as high as their larger peers’, and in turn less investments were made in keeping critical data and systems secure.
As 2022 progressed, that norm rapidly changed.
Ransomware has transformed into a business type of its own, with Ransomware-as-a-Service models, organized programmers providing regular patches and updates, and entire departments dedicated to extorting and processing payments that enable malicious actors to grow their attacks at scale. Some ransomware groups even have toll-free phone numbers that victims are told to call for more instructions, and chat support teams that have queues of victims waiting to pay.
Like all businesses, they need to produce a profit. Cyberattacks on enterprises have become time-intensive, with uncertain success. Even if malicious actors can breach the increased defenses made possible by improved firewalls, anti-spam tools, and virus blockers, their intrusions are increasingly discovered and rooted out by sophisticated cyberthreat detection and response before they can launch the full attack and lock down the victim’s systems. When the attackers can make their ransomware demand, they are increasingly being rebuffed thanks to their victims’ growing ability to fully recover their data and environments with managed backup and recovery services, and reluctant insurance companies balking at the claims.
From the attackers’ point of view, shifting their efforts to less protected, unsuspecting small and medium businesses makes good business sense. While the revenue per attack may be less, the number of attacks and success rate more than makes up the difference. As a result, many SMBs have been devastated in 2022 by downtime, data loss and egress, system corruption, compliance liabilities, steep insurance deductibles and premiums, and reputational damage. For some, these impacts have led to permanent business closure.
As we near the end of 2022, businesses and organizations of all sizes now require enterprise-grade data protection, disaster recovery, and cybersecurity to ensure their business continuity into 2023 and beyond. Thankfully, there are flexible and cost-efficient services available such as Warm Site Disaster Recovery.
Contact us to discover your options today!
Managed Detection and Response (MDR) Has Changed the Playing Field
As threat actors become more prevalent, organized, and multi-pronged in their attacks, businesses need a more coordinated strategy to guard their three main attack surfaces – endpoints, networks, and cloud/SaaS – 24/7. Realistically, most businesses lack the resources to ensure that level of coverage, or the expertise required to keep up with the rapidly evolving threat landscape.
With the necessity, came the invention. Managed Detection and Response Services simplify cybersecurity management with all-in-one 24/7 analyst-verified threat data and prioritized, actionable observations and recommendations to identify and counter cyberthreats before they take hold.
Now businesses of all sizes can block, discover, and disable attacks before they lock down systems and data, denying bad actors the chance to ransom organizations out of business and completely changing the threat landscape playing field.
What are your thoughts on our Trends Report? Let us know!
Data Protection with Cybersecurity, Backup and Recovery Services 2023 Trends Forecast
For forward-looking insights, check out what we’re expecting to trend in Cybersecurity services and Backup and Disaster Recovery services in 2023 as we help organizations plan and implement their cyber resilient Data Protection strategies.
Questions? Contact Us!