Cohesity research reveals infrastructure vulnerabilities

Brian Spanswick, CISO at Cohesity

New global research commissioned by Cohesity, a leader in next-gen data management, reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyberattacks plaguing enterprises globally.

Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilize if and when a cyber attack occurs. Nearly 60% of respondents1 expressed some level of concern that their IT and security teams would be able to mobilize efficiently to respond to an attack.

“IT and security teams should raise the alarm bell if their organization continues to use antiquated technology to manage and secure their most critical digital asset – their data,” said Brian Spanswick, chief information security officer, Cohesity. “Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyberattacks.”

Backup and Recovery Infrastructure That Could Be Considered Archaic

Forty-six percent of respondents said that their organization relies on primary backup and recovery infrastructure that was designed in, or before, 2010. Nearly 100 respondents (94 out of 2011) revealed that their organization relies on backup and recovery infrastructure that was built before the new millennium — in the 1990s.

Enterprises are utilizing this legacy technology despite the fact that managing and securing data environments has become much more complex, not just because of the exponential growth in structured and unstructured data, but because of the vast array of locations where that data is stored. Forty-one percent of respondents stated that they store data on-premises, 43% rely on public cloud storage, 53% utilize a private cloud, and 44% have adopted a hybrid model (some respondents are using more than one option).

“In 2022, the fact that any organization is using technology to manage their data that was designed in the 1990s is frightening given that data can be compromised, exfiltrated, held hostage, and it can create massive compliance issues for organizations,” said Spanswick. “In this survey, we found nearly 100 respondents who said their organizations are relying on outdated data infrastructure, and this raises the question, how many other businesses are in the same situation around the world?”

What Keeps IT and SecOps Teams Up at Night

Respondents highlighted what they believe would be their biggest barriers to getting their organization back up and running after a successful ransomware attack. The findings are as follows (respondents were asked to check all that apply):

· integration between IT and security systems (41%)

· lack of coordination between IT and Security (38%)

· lack of an automated disaster recovery system (34%)

· antiquated backup and recovery systems (32%)

· lack of a recent, clean, immutable copy of data (32%)

· lack of and timely detailed alerts (31%)

With respect to the lack of coordination between IT and security, this coincides with other findings from this survey denoting that a gap often exists between IT and SecOps that puts businesses and security postures at risk.

For more news and exclusive features, please see our Q2 issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922

Subscribe to our newsletter

Don't miss new updates on your email