Veeam Software, released findings of the company’s fourth annual Data Protection Trends Report to better understand how data protection is evolving in a digital world. The survey found that companies are challenged with more complex hybrid IT environments and are raising budgets to fend off cyberattacks as well as keep up as production environments continue to diversify across various clouds. The result is that IT leaders feel they aren’t sufficiently protected. A top priority of organisations this year is improving reliability and success of backups, followed by ensuring that Infrastructure as a Service (IaaS) and Software as a Service (SaaS) protection is equitable to the protection they rely on for datacenter-centric workloads.
Highlights of the Veeam Data Protection Trends Report 2023:
- Modern Data Protection is needed to keep businesses running: Four out of five organisations believe that they have a gap, or a sense of dissatisfaction or anxiety, between what their business units expect and what IT services can deliver. These gaps are one reason that 57% of organisations expect to change their primary data protection in 2023, as well as the justification for increased data protection budgets.
- Data protection budgets are increasing: Globally, organisations expect to increase their data protection budget in 2023 by 6.5%, which is notably higher than overall spending plans in other areas of IT.
- Despite the awareness and increase in preparedness, ransomware is winning and is the biggest hindrance to Digital Transformation: Cyberattacks caused the most impactful outages for organisations in 2020, 2021 and 2022, according to the report. 85% of organisations were attacked at least once in the past 12 months; up from 76% in last year’s report. Specifically, recovery is a main concern as organisations reported that only 55% of their encrypted/destroyed data was recoverable from attacks.
- Container-centric workloads are growing in popularity: Containers, and more specifically Kubernetes, show all the characteristics of a mainstream production platform, with the same kinds of data protection strategy disparities as seen in early adopters of SaaS five years ago or virtualisation 15 years ago.52% of respondents are currently running containers, while 40% of organisations are planning to deploy containers.
“IT leaders are facing a dual challenge. They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks is increasing,” said Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam. “This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption. Legacy backup approaches won’t address modern workloads – from IaaS and SaaS to containers – and result in an unreliable and slow recovery for the business when it’s needed most. This is what’s focusing the minds of IT leaders as they consider their cyber resiliency plan. They need Modern Data Protection.”
Out of the total 4,200 unbiased IT leaders that were surveyed, 368 were from the Middle East & Africa (MEA) market. Below are interesting regional findings:
Protection and Availability Gap in the MEA region
- 78% have an “Availability Gap” between how quickly they need systems to be recoverable and how quickly IT can bring them back
- 79% have a “Protection Gap” between how much data they can lose and how frequently IT protects their data
Mohamad Rizk, Regional Director, Middle East & CIS at Veeam says, “The MEA findings of the Veeam Data Protection Trends Report 2023 largely mimics the global results, which find that there is a big chasm between business expectations and IT delivery, when it comes to data protection. In an era of hybrid cloud, it is important to recognise that some cloud-hosted offerings are natively durable; implying that in certain circumstances, the availability gap might be closing. Meanwhile, the protection gap still exists as much, if not more in cloud services as it does within the data center because most cloud providers do not back up their ‘subscribers’ data.”
“To be fully transformative, enterprises in Middle East & Africa need to optimise every dollar of their IT budgets and make sure the right workloads and applications are prioritised and protected, and a simple, flexible, reliable and powerful modern data protection solution is in place – one that protects all environments – Cloud, Virtual, Physical, SaaS and Kubernetes. Only then can enterprises ensure they’re sufficiently protected and ready for turbulent times ahead.”
Ransomware in the MEA region
Ransomware attacks continue to be more frequent
- Only 14% experienced no ransomware attacks in 2022
- 18% experienced only one attack
- 48% experienced two or three attacks
- And 21% experienced four or more attacks in 2022
- 45% of organisations stated that ransomware (including both prevention and remediation) was their biggest hindrance to Digital Transformation or IT modernisation initiatives, due to its burden on budgets and manpower
- When organisations were asked about their most significant attacks suffered in 2022:
- 39% of their entire production data set was successfully encrypted or destroyed
- Only 55% of the encrypted/destroyed data was recoverable
“Ransomware is indiscriminatory – every business is a target. Rather than be gripped with fear at the prospect of being attacked, organisations must focus on what they can control – their defence. The fundamental principles of how to prepare defences against even the most sophisticated and powerful ransomware stay relatively the same. The first is the practice of impeccable digital hygiene. All employees must be trained to identify suspicious content and be warned of the impact that malpractice using work devices can lead to. Secondly, all businesses must prepare for their defences to fail. Concepts such as zero trust and deploying techniques such as two-factor authentication can be useful for restricting the access an attacker has to data. The best way to protect data is to ensure that it has been securely backed up and is fully recoverable before an incident takes place with the 3-2-1-1-0 backup rule – there should always be at least three copies of data, on at least two different types of media, at least one off-site and one immutable or offline, with zero unverified backups or errors,” continues Rizk.
“Without secure, trusted backups, organisations risk data loss and increase the possibility of a ransom payment. To avoid these worst-case scenarios, the speed of data recovery is critical, which is why Veeam provides the fastest recovery options in the industry, allowing enterprises to get back to normal business operations without reintroducing threats into the environment. Veeam also has the people to help with every step of the way, including onboarding services, account management, and a specialised ransomware SWAT team to assist in the event of a ransomware attack.”
