News

Hybrid-Cloud Cyber Resiliency Research: Cloud Just as Susceptible to Ransomware

• By David Ramel
• 11/03/2023

Veeam tapped data from several research projects to publish a brief on hybrid cloud computing and cyber resiliency, finding that clouds are just as susceptible to ransomware attacks, maybe even more so.

The data protection and recovery specialist combined three previously published trends reports about ransomware, data protection and cloud protection and wrapped up the data in the new Cyber Resiliency for the Hybrid-Cloud research brief.

To Veeam, cyber resiliency is a combination of cybersecurity and business continuity management practices that can help defend against potential dynamic cyberattacks and ensure an organization's survival following such episodes.

Data from more than 7,000 security and IT pros collected in the three reports resulted in four main takeaways:

• Clouds are just as susceptible to ransomware attacks, maybe more
• Cloud-based services are key to protecting datacenters and cloud-hosted workloads
• Using one cloud to protect another is a good idea; using the same cloud to protect itself is not
• The security, DR, cloud, and on-prem teams are not aligned; fix that first!

Some key data points backing up those highlights include:

• 86 percent of organizations said their cloud-hosted data was affected by ransomware.
• 38 percent of cyberattacks targeted cloud-hosted workloads.

  

• 45 percent are prioritizing protecting cloud-based data or using cloud(s) to protect their other data.
• On a positive note, 82 percent of organizations now utilize cloud-based storage that is capable of immutability.

  

"The last several years have seen the shift from on-premises datacenters to 'cloud, when it makes sense', to cloud-first strategies, to hybrid everywhere, to where most organizations are today with 'strategic multi-cloud' as the normal mode for delivering modern IT," the report said. "For 2024, the questions are not around whether to utilize cloud-based services, nor which cloud-services to utilize. Instead, organizations are asking themselves how many clouds are necessary -- and wondering how their IT teams will manage all their clouds, while ensuring cyber security prevention, data protection and other critical IT controls."

Specific questions for organizations to consider in regard to the research brief's findings, Veeam said, include:

• Are our backups both immutable and off-site?
• Are the backups managed by an experienced provider or are we managing our own
• Could we use cloud infrastructure as our disaster recovery site? If not, why not?
• Are we backing up all of our cloud-hosted data, including IaaS, PaaS and SaaS workloads? If so, are we using separate tools per cloud or deployed consistently across our clouds (and on-premises workloads)?
• How aligned are our teams related to backing up on-premises, IaaS, PaaS and SaaS?
• How aligned are our teams between cyber-preparedness and data backup?
• When was the last time we tested recovering our cloud-based data?
• When was the last time we tested a datacenter recovery at-scale?
• When was the last time we assessed and updated our cyber and BC/DR playbooks?

As far as what those organizations should do to address issues brought up in the brief, Veeam is holding a livestream event on Nov. 7 to look at the lessons learned from the research, along with some of the hybrid-cloud technologies and approaches used to either prevent or remediate from cyberattacks.