IT decision makers are facing an onslaught of cyberthreats and many need to spend more time testing backup solutions, according to a new Carbonite report.
IT professionals at midsize businesses are waging a battle against ransomware, network intrusions and other critical threats that lead to data loss and costly unplanned downtime. And the number of threats to business data continues to rise, according to the results of a new Carbonite survey.
IT pros we surveyed say they understand the many costs associated with downtime—quantitative ones such as loss of revenue and others such as damaged reputations and customer dissatisfaction. But our survey results show that many IT pros need to spend more time preparing for threats to their data—and many are not testing their backup and recovery tools and strategies.
Unplanned downtime continues to be a problem
Carbonite surveyed 219 IT decision makers at small and midsize businesses with 250 to 1,000 employees and found that more than half—52%—have experienced unplanned downtime within the last three years.
Respondents indicated that the leading cause of downtime is hardware failure, followed closely by power outages, malware and cyber-attacks. Other causes of downtime include accidental deletions and natural disasters such as floods, fires and hurricanes.
More than 40% of respondents report that threats posed by hackers, ransomware and other forms of malware have increased significantly in recent years. About 22% say the number of threats to business data has remained flat, while 36% feel threats have decreased.
Threats to business data on the rise
The results of the Carbonite survey closely mirror recent reports about the increase in ransomware attacks and other cyberthreats to small and midsize businesses.
IT security solutions firm Cybersecurity Ventures predicts 2017 ransomware damages to exceed $5 billion, including ransom payments, loss of data, downtime and lost productivity.2 Security solutions firm SonicWall reports that it detected more than 638 million attempted ransomware attacks during 2016. That’s more than 167 times the number the ransomware attacks they detected during 2015.
The recent WannaCry ransomware attack alone affected more than 200,000 computer systems in 150 countries—and WannaCry is just one of countless ransomware variants that pose a threat to businesses.
Cybercriminals regularly target small and midsize businesses with ransomware because those companies often lack the security and training resources that protect larger companies. A recent Ponemon Institute survey of decision makers at small and midsize businesses found that 68% believe their company is “vulnerable” or “very vulnerable” to ransomware attacks.
RTOs, security among chief concerns
The rising number of threats to business data keeps many IT pros awake at night worrying about the potential for data loss and downtime, according to the survey results. Their top three concerns when thinking about the possibility of a disaster or disruption include:
1. Worries about meeting recovery time objectives (RTOs)
2. Fear of not being able to recover all of the data
3. Security and privacy concerns
When disaster hits IT systems, recovering data and getting production systems up and running quickly is the top priority.
Over 50% of respondents stated even minutes of downtime resulting from a disaster would have a major or critical impact on the business.
Over half—51%—say their RTO is less than one hour. Only 7% of IT pros can withstand downtime that lasts longer than one day. Unfortunately, only 20% said their RTO was achieved following disruptions.
Still, many IT pros are not testing their backup and recovery systems on a regular basis. Only one in three—34%—refresh backup and recovery strategies on a monthly basis. Another third of respondents—33%—look to refresh strategies every six months or less frequently. Nearly one in five respondents—17%—have not performed a disaster recovery test within the last year.
A preference for hybrid backup strategies
Most IT pros use hybrid backups strategies to ensure redundant data protection. About 38% use a combination of onsite and offsite backup strategies. This includes backing up data to an appliance or server onsite, then replicating those backups to a secondary datacenter or colocation facility.
An additional 22% of IT pros say they use onsite/offsite strategies in combination with cloud-based data protection, while 19% of respondents are using a cloud-only backup solution. A whopping 78% of IT decision makers say some form of tape is still used for data backup.
Test backups to meet RTOs
One of the keys to meeting RTOs is making sure you’re able to recover data when a disruption or data loss event occurs. A backup system is only as good as its ability to restore data that would have otherwise been lost, according to Jim Flynne, vice president of operations at Carbonite. That’s why it’s a good idea to test the backup system’s restore capabilities at least once a month.
“All you need to do is identify some important files and retrieve them from your backup system. Once restored, open the file as you would the original to make sure it was recovered properly,” Flynne said. “Database-driven applications can be more finicky and may require complete sets of files to be restored to ensure that there are no problems, but it’s worth testing backup systems before your business has to depend on them to run.”