KUALA LUMPUR: Acronis, a global brand in cyber protection, has released its annual Cyber Protection Week Global Report 2022 timed to this year's World Backup Day. The report which surveyed over 6,200 IT users and IT managers from small businesses to enterprises across 22 countries, exposes some of the most critical shortcomings appearing in cyber protection practices today, examines why they're appearing and offers guidance on how they can be fixed.
One of the key findings last year was that 80 per cent of organisations ran as many as 10 solutions simultaneously for data protection and cybersecurity — yet more than half of them suffered downtime because of data loss. Clearly, more solutions do not translate into more protection.
This year, we see that trend getting worse. While 78 per cent of organisations globally run as many as 10 different solutions, 76 per cent of the organisations experienced downtime due to data loss — a 25 per cent increase from 2021. This downtime stemmed from a number of sources, including system crashes (52pc), human error (42pc), cyberattacks (36pc) and insider attacks (20pc).
As a result, 61 per cent of global organisations' IT teams now report a preference for integrated solutions that replace their complicated stacks of cybersecurity and data protection tools with a single, unified console.
"As the entire world is increasingly at risk from different types of attacks, accelerating to universal all-in-one solutions is the only way to achieve truly complete cyber protection. And that's precisely the problem Acronis has set out to solve," said Acronis' vice president of Cyber Protection Research, Candid Wuest, in a statement adding that attackers don't discriminate when it comes to means or targets, making having strong and reliable security is no longer an option, rather a necessity for everyone.
While conducting the survey, Acronis also traced another worrying trend that is responsible for cyberdefenses lowering and increasing IT security budgets—70 per cent of organisations' IT managers claim to have automated patch management. However, based on any reliable industry research, only a handful of companies follow the 72-hour "golden time" for patch management.
Eighty two per cent of the respondents also claim to have ransomware protection and remediation. Yet, successful attacks occur weekly and the size of ransom demands grows each year; 20 per cent claimed to be testing backup restoration weekly. Again, not consistent with any other industry-issued data. This shows a growing trend of overconfidence among IT teams—overselling their readiness.
It seems that IT managers are trying to appear better prepared than they are; but that is, in turn, misleading their managers, boards of directors, industry analysts and customers.
However, if the overwhelming majority of IT managers indeed have these solutions, they aren't using them right. They have simply stocked their IT stacks with all of the recommended cybersecurity technologies—spending more money in vain.
The report proves that organisations are spending more on IT security this year, but when we compare it to their overall IT budget, it becomes clear – organisations are still treating cyber protection as a "nice-to-have" not as a "must-have" because half of the organisations, globally, only allocate less than 10 per cent of their overall IT budget on IT security.
Only 23 per cent of organisations globally are investing over 15 per cent of their overall IT budget in security – even despite the increasingly threatening cyber landscape.
Frequent backups that were fuelled by the shift to remote work are over and a third of IT managers only back up weekly, while another 25 per cent back up monthly.
The use of backup best practices is declining across the board where only 15 per cent of organisations' IT teams adhere to them proving that pandemic-driven spike in awareness was only temporary.
Same as last year, 10 per cent of IT managers still aren't sure if their company is subject to any data privacy regulations — proving that IT managers, like IT users, get stuck in their ways.
According to the research, 86 per cent of organisations globally are also concerned about the threat of increasing politically-driven cyber attacks caused by the worsening geopolitical climate — but their concern does not translate into improvements to their cyber protection.
Bottom line, the outdated approaches that professional IT teams have relied on for years are now actively failing them. A comprehensive, easy-to-follow approach is essential to achieving a more reliable,
holistic protection for data, applications and systems – one that combines cybersecurity, data protection and management into one solution.
Users show concern over cyberthreats, but backup habits remain unchanged. Only one in ten users backs up daily, while 34 per cent of users back up on a monthly basis — a staggering 41 per cent of users backup rarely or never. Still, 72 per cent of users had to recover from backup at least once in the past year (33pc – more than once). Meaning that some of the users who chose not to back up have permanently lost their data. The report also indicates that 43 per cent of users update a week or more after an update release – of those, seven per cent take more than a month to perform these recommended updates. A decline in response time compared to 2021.
While only 12 per cent of users are following the recommended hybrid model of cloud and local backup storage, users have doubled down on cloud backup and in four years, Acronis saw local backups shrinking
from 62 per cent in 2019 to 33 per cent in 2022; at the same time cloud backups jumped from 28 per cent to 54 per cent.
From the survey it was also found that 66 per cent of users would not know or be able to tell if their data had been modified and almost half of the users (43pc) stated that they are not sure if their anti-malware solutions could protect against new and emerging cyber threats.
What can be seen in the Cyber Protection Week Global Report 2022 is that there is a massive gap in how organisations and individuals approach cyber protection in theory as well as in practice.
For more global and regional insights, check out the Acronis Cyber Protection Week Global Report 2022 and the regional deep dives. The full report is available on Acronis' website.