Cyberstorage gained more attention in the media in 2021 with the rise in storage hacks, ransomware attacks, and cases of immutable storage being erased.
As these types of attacks increase, the “business value” of data continues to grow. That’s probably one of the main reasons why attacks on data are still the greatest cybersecurity threat to organizations.
Another is that hackers realize that most organizations’ storage and backup systems are still at risk. Here at Continuity, we ran surveys last year that showed that on average, enterprise storage devices have 16 security misconfigurations – 3 of which are critical. That means we still have a lot of work to do in educating organizations on the risks to their storage and backup systems.
Keeping this in mind, I wanted to share a few of my predictions for 2022:
1. Data-targeted cyber-crime will increase in number, cost and sophistication
2021 demonstrated that organizations are still failing to keep up with the ability of cybercriminal groups to innovate and adapt to new technology. That means that in 2022 we can expect to see more attacks – especially ransomware, as well as a sharp increase in the average cost per incident.
In addition to ransomware, supply-chain attacks can damage much more than a single organization. These types of attacks involve compromising an organization’s code to infiltrate its customers, employees, and partners. They can also execute record-level manipulation that could be used to exfiltrate funds or impact the medical treatment patients receive. That’s why supply chain attacks can quickly impact entire industries and economies.
Cybercriminal groups will also expand the scope of their attacks. Modern criminal groups will target not only endpoints and servers, but also central storage systems and their backup infrastructure.
By successfully infiltrating these new targets, they can:
- Completely thwart recovery efforts by destroying or tampering with backups (including offsite cloud-based copies and immutable storage);
- Siphon out petabytes of data easily stored on a single storage or backup system;
- Evade detection by existing Data Loss Prevention (DLP), Intrusion Detection Systems (IDS), and most modern threat intelligence solutions. Some hackers actually take advantage of cloud-based offsite backup solutions which, if not secured properly, can provide access to copies of huge datasets without introducing any visible load on production systems.
2. Many organizations will still do a poor job securing storage and backup
Organizations have many misconceptions about the security of their storage systems and backups which leave them susceptible to compromise.
First, they believe that their storage systems are too obscure and too embedded in their datacenter to be penetrated from the outside. Unfortunately, storage systems are one of the weakest links and are easy for hackers to access.
Second, they still believe that backups provide bulletproof recovery, but backup environments are more complex than most security executives realize. Most data recovery relies on multiple tiers that offer different layers of protection, each with its own recovery speed (which is another issue with backups).
Finally, organizations also believe that existing risk detection and mitigation strategies are sufficient to detect sophisticated attacks on storage and backups that tamper with the backup process itself. This is a dangerous misconception because if these systems are not reinforced, isolated, and secured properly – even the most advanced backup systems can be bypassed.
For these reasons, we shouldn’t be surprised if in 2022:
- Direct exploits of storage and backup will be used to extort tens of billions of dollars;
- Insecure NAS devices, SAN fabrics and central backup systems will expose petabytes of sensitive information;
- Even organizations using “holy grail” technologies (such as offsite cloud-backup and immutable storage solutions) will not always be able to recover from attacks.
3. Governments and policymakers will tighten supervision
Organizations report that they are now starting to pay much more attention to their storage and backup security than ever before. In a recent study we conducted among CISOs from 200 financial services around the globe, more than two-thirds confirmed that auditors were recently hired to review their storage and backup systems.
We’re expecting to see much stricter national and international guidance to organizations to tighten their data protection solutions and to avoid negotiating with criminals.
4. Organizations will gain awareness of their need to secure data as well as the data protection and recovery environments
Organizations will start to understand the need to secure their storage and backup environments more systematically. In other words, organizations will require better auditing, testing, and mapping of their storage and backup assets, as well as the ability to better assess data sensitivity and importance and to define the requirements for data protection.
Gartner and NIST have made the following recommendations which I believe will start to be implemented more in the coming year:
- Infosec and IT infrastructure teams will need to work more closely than ever before;
- The security posture of storage and backup will need to be continually assessed, with gaps in security remediated automatically;
- The right technologies will need to be matched to the data protection requirements (e.g., CyberStorage, a term coined by Gartner; air-gapping; etc.).
A new year for storage and backup security
So that wraps up our predictions for 2022. As we approach the start of a new year, it will definitely be interesting to see how these predictions unfold. In the meantime, there are actions your organization can take to reduce the risk of attacks on its storage and backup systems. For example, you can start by assessing your storage and backup cyber resilience. You’ll get a maturity score to measure your storage and backup security, and receive practical recommendations to help you build an operational plan for 2022.