Apricorn has announced new findings from the Apricorn 2022 Global IT Security Survey, which found that while most organizations have plans for data backup, the data is at risk for many.
Apricorn surveyed nearly 400 experienced IT security professionals in healthcare, IT, education, financial services, and manufacturing about remote and hybrid work security practices. The study focused on data resilience and the availability to access and renew corporate data in case of a ransomware incident or other cybersecurity attack.
Most respondents (93%) say they have a ransomware readiness plan, but significant knowledge gaps exist regarding adequate backup and cyber resilience practices.
A full 26% consider the cloud too risky for data backup, but only one in three backups both the cloud and to encrypted hardware storage devices.
Overall, 82% want their organizations to require encrypted hardware USB use, but only 34% have mandated such a policy. In addition, only 20% of backups are in real-time, and only 18% use the long-standing best practice for backup: the 3-2-1 method.
Apricorn US President Kurt Markley said: “Data loss events, from natural disasters to technology failures to cyber-attacks, pose an ever-present threat to organizations across all industries. The increasing threat of cyber-attacks underscores the need for better data protection. If organizations do not have an adequate strategy for data backup and have not been successfully attacked, they are lucky they are not secure or resilient.
“It is not enough to only back up data to the cloud or only offline. Organizations must follow the 3-2-1 rule, in which they keep at least three copies of data on two different media, one off-site. By following this rule with a combination of cloud and hardware encrypted storage, organizations have the best chance of complete data recovery.”
Two years after the pandemic, 81% of respondents agree that remote and hybrid work are now standard practices across their organizations, noting that all typical security policies are the same regardless of work locations.
However, 20% will not return to address security vulnerabilities arising from the rapid changes implemented during the pandemic to enable work-from-home and remote work policies. And while many respondents noted that they’d addressed their initial remote work security practices, key solutions still need to be addressed to make their organizations and data truly resilient.
Of the 80% that hark back to pandemic-rushed policies, only 41% focus on integrating and enforcing new technologies such as external USB storage devices, hardware storage, and encryption. And only 34% have implemented a policy to mandate encrypted USB storage devices to protect data in transit.
Markley added: “Hybrid work environments are the new normal, and organizations must emphasize the importance of protecting data on the go.
“Backing up data is not the sole responsibility of IT administrators. All employees should participate in backing up data and following policies to ensure its security. It is alarming that after two years, so many employees and organizations have not yet been able to work adequately remotely security policy.”
Of those surveyed, 25% of respondents noted that the strict hybrid work policies they implement are not being adhered to by employees, even though Thom continuously enforces thenforcingicies on employees.
In addition, 60% of respondents do not back up their data or devices before working remotely, further weakening their organization’s data resilience. While many organizations have considered backup and resilience initiatives and ransomware preparedness, more needs to be done to strengthen them, Apricorn concludes.
