Nexsan Survey Shows Gaps in Storage Cybersecurity

A survey, conducted by Nexsan, Inc. on companies over 500 employees across all industries revealed that 6 out of 10 organizations have experienced some form of cyberattack targeting their storage in the past 12 months – but less than half follow proper steps to defend vs. emerging cyber threats and ensure quick recovery.

The survey showed that while respondents generally understand the importance of protecting data, including backups, from cybercriminals, the measures and practices they have in place are insufficient to safeguard the storage infrastructure and avoid excessive downtime when restoring data.

Among the findings:

• More than 90% of organizations indicated that they perform regular backups with offline copies to prevent ransomware attacks, but only 40% utilize immutable backups to guarantee the safety, security and availability of their data.
• Less than 5% have no cybersecurity measures related to storage at all.
• 31% of organizations conduct security audits or assessments of their storage infrastructures “as needed” with 57% performing audits annually; 21.43% quarterly; and 19.05% biannually.
• More than a quarter of respondents do not formally assess the effectiveness of their cybersecurity measures, and only 12% conduct monthly data recovery exercises. Most troubling: almost a third perform no regular testing at all to verify their ability to recover from an attack.
• 77% of respondents believe that downtime from a breach should be less than 24 hours. Fewer than a third (5%) are confident they could fully recover business operations within hours or minutes of a cyber-incident.

Nexsan experts advise immutable backups, which are impervious to alteration, deletion, or encryption by the malware vector. Regularly testing data protection systems, including monthly “dress rehearsals” of attack scenarios, ensures cybersecurity measures work as intended. While the expectation of recovering within 24 hours is acceptable, without proper defenses and testing, organizations should have more realistic expectations.

“Cybercriminals have become more sophisticated, and exploit vulnerabilities in backup and storage systems to affect both primary and secondary data,” said Charles Burger, director of cybersecurity solutions, Nexsan. “This survey revealed that even organizations that have been victims of cyberattacks are often failing to ensure they are fully protected, and it’s incumbent on vendors to engage in better education about cybersecurity threats and defenses.“

Nexsan has developed a portfolio of solutions with data protection and recovery in mind. The company’s Unity NV6000, a unified storage system with built-in immutable snapshots, Amazon S3 support and enhanced disk-to-disk backup capabilities is tailored to meet the demands of modern IT environments.

Unity NV6000 excels in consolidating SAN and NAS workloads while simplifying storage infrastructure management. Its adaptability, reliability, data protection, scalability and streamlined management ensure organizations are positioned for long-term success in the ever-evolving digital landscape.

Offering built-in security, compliance and ransomware protection through its immutable volume and file system snapshot feature, which provides a robust defense to any accidental or malicious alterations, Unity NV6000 provides HA with dual-active controllers to enhance data redundancy, reducing the risk of disruptive downtime and ensuring uninterrupted business operations. When utilized in conjunction with Nexsan’s Assureon active data vault, SMEs enjoy unbreakable backup for the ultimate in data protection.