Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Veeam finds 93% of cyberattacks target backup storage

Issue 4 2023 Information Security

Organisations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat. According to new data in the Veeam 2023 Ransomware Trends Report, one in seven organisations will see almost all (>80%) data affected as a result of a ransomware attack – pointing to a significant gap in protection.

Veeam Software found that attackers almost always (93%+) target backups during cyberattacks and are successful in debilitating their victims’ ability to recover in 75% of those events, reinforcing the criticality of immutability and air gapping to ensure backup repositories are protected.


Chris Norton.

The Veeam 2023 Ransomware Trends Report shares insights from 1200 impacted organisations and nearly 3000 cyberattacks, making it one of the largest reports of its kind. The survey examines key takeaways from these incidents, their impact on IT environments and the steps taken, or needed, to implement data protection strategies that ensure business resiliency. This research report encompasses four different roles involved in cyber-preparedness and/or mitigation including, security professionals, CISOs or similar IT executives, IT operations generalists, and backup administrators.

“The report shows that today it’s not about IF your organisation will be the target of a cyberattack, but how often. Although security and prevention remain important, it’s critical that every organisation focuses on how rapidly they can recover by making their organisation more resilient,” said Danny Allan, CTO at Veeam. “We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance.”

Paying the ransom does not ensure recoverability

For the second year in a row, the majority (80%) of the organisations surveyed paid the ransom to end an attack and recover data – now up 4% compared to the year prior – despite 41% of organisations having a ‘Do-Not-Pay’ policy on ransomware. Still, while 59% paid the ransom and were able to recover data, 21% paid the ransom yet still didn't get their data back from the cyber criminals. Additionally, only 16% of organisations avoided paying ransom because they were able to recover from backups. Sadly, the global statistic of organisations able to recover data themselves without paying ransom is down from 19% in last year’s survey.

To avoid paying ransom, your backups must survive

Following a ransomware attack, IT leaders have two choices: pay the ransom or restore-from-backup. As far as recovery goes, the research reveals that in almost all (93%) cyber events, criminals attempt to attack the backup repositories, resulting in 75% losing at least some of their backup repositories during the attack, and more than one-third (39%) of backup repositories being completely lost.

By attacking the backup solution, attackers remove the option of recovery and essentially force paying the ransom. While best practices – such as securing backup credentials, automating cyber detection scans of backups, and auto verifying that backups are restorable – are beneficial to protect against attacks, the key tactic is to ensure that the backup repositories cannot be deleted or corrupted. To do so, organisations must focus on immutability. The good news is that based on lessons learned from those who had been victims – 82% use immutable clouds, 64% use immutable disks, and only 2% of organisations do not have immutability in at least one tier of their backup solution.

Do not re-infect during recovery

When respondents were asked how they ensure that data is ‘clean’ during restoration, 44% of respondents complete some form of isolated staging to re-scan data from backup repositories prior to reintroduction into the production environment. Unfortunately, that means that the majority (56%) of organisations run the risk of re-infecting the production environment by not having a means to ensure clean data during recovery. This is why it is important to thoroughly scan data during the recovery process.

Other key findings from the Veeam 2023 Ransomware Trends Report include:

Cyber-insurance is becoming too expensive: 21% of organisations stated that ransomware is now specifically excluded from their policies, and those with cyber insurance saw changes in their last policy renewals: 74% saw increased premiums, 43% saw increased deductibles, 10% saw coverage benefits reduced.

Incident response playbooks depend on backup: 87% of organisations have a risk management programme that drives their security roadmap, yet only 35% believe their programme is working well, while 52% are seeking to improve their situation, and 13% do not yet have an established programme. Findings reveal the most common elements of the ‘playbook’ in preparation against a cyberattack are clean backup copies and recurring verification that the backups are recoverable.

Organisational alignment continues to suffer: While many organisations may deem ransomware to be a disaster and therefore include cyberattacks within their business continuity or disaster recovery (BC/DR) planning, 60% of organisations say they still need significant improvement or complete overhauls between their backup and cyber teams to be prepared for this scenario.

“As data storage becomes increasingly complex, so too does the threat landscape and in turn, the threats of ransomware attacks significantly increase,” explained Chris Norton, Regional Director for Africa at Veeam Software. “Organisations need to be prepared against such a threat at all times, as it’s no longer a matter of ‘if’ or ‘when’, but rather, ‘how often’ when it comes to ransomware attacks. It’s important for businesses and their customers for them to position themselves to continue normal operations as quickly as possible. That way they’ll minimal losses to time, money, opportunities and most importantly, data.”

The full Veeam 2023 Ransomware Trends Report is available for download at https://www.veeam.com/ransomware-trends-report-2023




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.