rolffimages - Fotolia

ANZ organisations using antiquated backup and recovery systems

Nearly half of ANZ organisations are still using backup and recovery systems from over a decade ago, hampering their ability to protect their data assets and recover from ransomware attacks

Many organisations in Australia and New Zealand (ANZ) are still relying on outdated backup and recovery systems to protect their data from ransomware, according to research commissioned by data management specialist Cohesity.

The survey of more than 500 IT and security decision makers at businesses in ANZ was conducted for Cohesity by Censuswide.

A surprising 46% of respondents said their organisation relies on primary backup and recovery infrastructure that was designed in 2010 or earlier. About 20% were still using backup systems designed between 2000 and 2005, and 4% admitted continuing to rely on 1990s technology.

These old backup and recovery systems are unlikely to handle the challenges of operating a multicloud or hybrid environment (42% of respondents store data on-premises, 43% in public clouds, 54% in a private cloud, and 40% use a hybrid model), or to take advantage of the facilities provided by such environments to enhance data protection.

In addition, the massive growth in the volume of structured and unstructured data generated and stored by organisations over the intervening years can present issues for outdated backup systems.

Nor were such systems designed to handle the threats posed by today’s cyber attacks, especially those involving ransomware.

Compounding the problem is a lack of confidence in organisations’ ability to react to attacks, with 63% of respondents in ANZ expressing some level of concern that their IT and security teams would be able to mobilise efficiently to respond to an attack.

“IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset – their data,” said Michael Alp, managing director for Australia and New Zealand at Cohesity.

“Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.”

Alp, who took up his current role in June 2022, noted that the challenge for many organisations is that “their data environment stretches across multiple places, whether it is in datacentres, cloud – public or private – and at the edge.

“As a result, they struggle to have comprehensive visibility of their data, which leads to compliance risks and undermines their security posture,” he said.

Regarding the continued use of “archaic” backup technology in today’s far more complex environments, Alp said the fact that any organisation is still using technology that was designed in the 1990s to manage their data is frightening, given that data can be compromised, exfiltrated and held hostage, creating massive compliance issues for organisations.

“With 5% of respondents saying their organisation relies on outdated data infrastructure, or does not have backup and recovery infrastructure at all, it raises the question as to how many other businesses are in the same situation?”

The survey also looked at the perceived barriers to getting an organisation back up and running after a successful ransomware attack.

A third of respondents mentioned antiquated backup and recovery systems, but the most common concern was integration between IT and security systems (37%).

That was followed by the lack of coordination between IT and security (35%), and the lack of an automated disaster recovery system (33%). Also mentioned were the lack of a recent, clean, immutable copy of data (33%), and a lack of and timely detailed alerts (31%).

Alp said: “Both IT decision-makers and SecOps should co-own the cyber resilience outcomes, and this includes an evaluation of all infrastructure used in accordance with the US National Institute of Standards and Technology (NIST) framework for data identification, protection, detection, response, and recovery. Also, both teams need to have a comprehensive understanding of the potential attack surface.

“Next-generation data management platforms can close the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay one step ahead of bad actors who take great delight in exfiltrating data from legacy systems that can’t be recovered.”

Read more about IT in ANZ

  • Dell Technologies has developed a deep learning model to speed up labelling and analysis of images of Australia’s Great Barrier Reef in move to support coral reef conservation.
  • BE Switchcraft has rolled out a radio frequency identification system to track production jobs and streamline manufacturing processes.
  • Tata Consultancy Services worked with the Australian Energy Market Operator to build a new system that speeds up electricity market settlement.
  • With a strong DevOps culture, Bendigo & Adelaide Bank has been moving its most important applications to the cloud in a journey that has already reaped returns.

Read more on Data protection, backup and archiving