Nearly 57 per cent of Indian organisations suffered an unexpected downtime in 2020 due to data loss, reveals a survey by Acronis, a Singapore-based cyber security firm. The survey also showed that this happened despite nearly 70 per cent of these companies running as many as 10 solutions simultaneously and the remaining 30 per cent run more than 10 solutions.
Investing in more solutions does not necessarily lead to better cyber protection, Kevin Reed, Chief Information Security Officer, Acronis told indianexpress.com over a call. As the survey highlighted that while attacks continue, the lack of awareness among Information Technology (IT) professionals is adding to the cyber-security woes of companies.
“Everyone is working from home. And home networks are less protected than corporate networks. And corporate networks needed to be more open, because everyone is connecting from home. Companies had to accommodate for this which exposed them further to vulnerabilities,” he added.
An earlier survey by Acronis had shown that while 31 per cent of companies around the world are attacked at least once a day, India had the unique distinction of seeing twice as many attacks per day as any other country.
In India for instance, 35 per cent of IT users and 11 per cent of IT professionals would not know if their data had been modified without their knowledge or tampered with. Globally the figures stood at 63 per cent and 16 per cent respectively, so India fared slightly better on this front.
Around 35 per cent professionals admitted to not updating their devices until at least a week after being notified of a patch, or even longer. With so many security vulnerabilities being highlighted, the delay in updates can be problematic as Reed explained.
He gave the example of the recent zero-day vulnerability, which was discovered in Microsoft Exchange, which is used by companies across the world.
“The problem was that once Microsoft released the patch, and it became known how this attack could be performed, attackers found it easy to implement. After the vulnerability has been released, it is a race against time because more and more actors try to exploit it,” Reed explained. Until everyone updates all security patches immediately, users remain vulnerable when threats are revealed.
In his view, companies will have to adapt new strategies for security as “the things that worked in the past do not work anymore”.
Reed also cautioned on the rise of ransomware, which has emerged as the number one threat for companies. “We know that not all professionals are backing up data properly. Many are not aware of what data is important and sensitive. Or their data practices are based on what we call a compliance-based approach, where the company could be perfectly compliant on paper. However, it cannot handle real ransomware,” he said.
According to the survey, while 98 per cent of IT users in India reported performing backups, with 40 per cent claiming to back up daily – 90 per cent have irretrievably lost data at least once. This suggests that they don’t know how to back up or recover properly.
In Reed’s view, the best protection from ransomware is to start really early and that can only be done by having a proper infrastructure. One way is to ensure that all suspicious emails are locked using professional services such as the ones that Acronis also offers. Another is to train employees not to open emails which are suspicious, which can be hard.
“But once ransomware is dropped on the machine, they need solutions to stop ransomware from taking over. Even if this fails, companies need a back up. We recommend that at least three quarters of data should be backed up on two different media, and one media should be completely offline. In fact, companies which did this had some data which they could recover and move on from such attacks,” he explained.
In his view, data protection that is done on multiple levels is going to be the most successful strategy for companies to protect themselves from ransomware. Acronis surveyed 4,400 IT users and professionals from 22 countries for this report.