NovaBACKUP Security Blog

World Backup Day 2022 - Data Breach Trends


World Backup Day 2022 is here, a reminder to take a critical look at our technology landscape and work hard to verify that our measures to protect data are rock solid.

In the last year, we've seen the format of business fundamentally change with remote work and education broadly accepted and implemented across many countries. This shift brought about security challenges for administrators and continues to be a vector for attack and potential data loss.

Other recent world events have gone further to create a sense of instability. Healthcare and financial sectors are rapidly preparing for an increase in cyberattacks as a response to moves taken by Western governments in Eastern Europe. Yes, this World Backup Day gives us plenty to think about when it comes to ensuring the integrity of our backups. Join us as we look at some of the important trends and statistics that can help shape our security policies.

Last Year’s Momentum

We saw several high-profile ransomware attacks in the last year, but the real surprise was the extent to which small and medium-sized businesses felt the impact. Research carried out by Check Point showed that there was a 50% increase in overall attacks per week on corporate networks in 2021 compared to 2020. The latter part of the year especially saw a jump, with the Log4j vulnerability being widely exploited. This puts an increasing priority on backup for SMBs, as they have tighter budgets and fewer resources to recover from a data loss scenario.

IBM’s 2021 Cost of a Data Breach report named the industry with the highest cost for a data breach. With a 29.5% increase, the Healthcare industry led the way for the 11th year in a row. More concerning, research shows that these attacks have been responsible for more extended hospital stays, delays in medical procedures, testing delays, and other effects that create adverse outcomes for patients (per the Herjavec Group's Healthcare Cybersecurity Report).

In 2021 breach of healthcare IT systems was 60% higher than attacks in 2020.
John Riggi, AHA National Advisor for Cybersecurity

Changes in work behavior caused by the pandemic have more people working from home than ever before. It was a sudden change that businesses had to adapt to, including having to rapidly adjust their security policies. NovaBACKUP recommends taking several measures to protect remote workers and secure critical business data. Businesses that did not adapt quickly enough may have found themselves on the receiving end of a costly data breach. Remote work was a factor in 17.5% of the breaches in 2021. Furthermore, organizations with more than 50% of their team working remotely took far longer to identify and contain those breaches.

Remote work was a factor in 17.5% of breaches in 2021.
(Source: IBM Cost of a Data Breach report)

This Year's Direction

Western governments have sounded the alarm that the Russia-Ukraine conflict could trigger a major cyber conflict. Indeed, we have seen some recent attacks carried out by groups based in those regions. In fact, Ukraine was hit by DDoS and malware attacks by state-sponsored actors just prior to the invasion. But while an all-out cyber-war with the West has yet to materialize, we cannot take these warnings lightly. The world today is entirely too connected for us to remain unaffected when one of the world’s biggest energy exporters goes to war. Markets and supply chains are already feeling the stress of the pandemic, with inflation in the U.S. growing at its fastest pace in 40 years. Add to that the weakness of recovering pandemic supply chains, and we find ourselves in an environment that is ripe to be exploited by cyber-criminals. As expected, the healthcare industry is paying close attention, with the American Hospital Association recently acknowledging that hospitals and health systems may be targeted or incidental victims of Russian-sponsored cyber threats.

What The Criminals Are Saying

Announcements are coming out from various criminal groups based in Eastern Europe declaring their independence from any governmental ideology. The reason? It could simply be an attempt to keep their nefarious activities profitable. Top cybercrime groups focus on clients who are likely to have insurance, as they believe that receiving payment might be easier. To counter, cyber insurance companies often build in exclusions for wartime sponsors of a government, described as a “force majeure” event. This could give insurance companies a loophole to avoid paying out on policies, putting criminal groups in an awkward situation. Appearing unaffiliated with any national conflict may be in their best interest, but that doesn’t mean they are any less destructive.

World Backup Day Reminders

There is no better time than now for readying your network against potential data security threats. Start with the basics and use today to verify that you've covered the fundamentals.

  1. Update and Patch
    All software, operating systems, and business applications should be updated with the latest security patches. This extends to collaborative tools, network hardware like switches and routers, firewalls - everything. Are you tracking which devices have been updated? There are excellent patch-management platform options available to you.

  2. Require Multi-Factor Authentication
    With so many employees working remotely, MFA must be enforced with strong passwords. Require multiple pieces of information to prove employee identity. This improves your level of security drastically.

  3. Define User Access and Permissions
    Limit user rights to that which is necessary to perform their duties. This helps prevent infection and/or slow the spread, should a ransomware event occur. Start new employees with limited rights from the beginning and increase the level later as needed.

  4. Educate About Cyber Threats
    It's no time to be complacent. Let's raise the level of awareness as to how employee behavior affects business data security. Offer real-world education on the vectors for attack, including social engineering and phishing.

  5. Test Your Security Response
    The data breach response plan you crafted a year ago may no longer be applicable today with ever-changing IT support teams and environments. Establish a clear emergency data recovery plan that every employee will expect during such a scenario. Your action plan must quickly stop damage and also restore data access and functionality.

  6. Fast, Reliable Backup
    Managed Service Providers rely on solutions like NovaBACKUP Cloud to provide managed backup services that diligently protect client data. Their reputation is built on their ability to quickly access secure backups to get businesses back online when every second counts.

A backup is only valuable if it's restorable. Whether a small or medium-sized business or a managed service provider, consider this World Backup Day as a great chance to test the viability and restorability of your backups. NovaBACKUP offers free backup consultation to help organizations meet all of their data protection requirements.

Warnings from Western governments have raised the alert that malware may be coming as incidental spillover, or possibly even targeted attacks. Watch our recent webinar, entitled "Increased Cyber Security Risk", for a look at how to protect your data.