Traditional backup software is no longer a “reliable shield” on its own for data protection, according to Anna Michniewska, chief operating officer (COO) at Tributech.
Michniewska, blogging for the data orchestration and governance software company, said that the subtleties of today’s data-integrity focused attacks make it easier for attackers to deceive or disrupt information system processes in an organisation.
“As the volume of data generated and stored continues to surge, so does the menace posed by cybercriminals seeking to exploit vulnerabilities within systems,” she wrote.
“Manipulating backup files can go unnoticed for extended periods, compromising the integrity of an organisation’s data.”
Michniewska cited a Rubrik finding that 93% of external organisations surveyed said that attackers had tried to change backup files duing a cyberattack, with 73% saying these attempts were “at least partially successful”.
In software vendor Veeam’s Data Protection Trends 2023 report, it was suggested that organisations may now need to further develop and integrate data protections within their data security strategies, she added.
“These attacks exploit weaknesses in network security, software vulnerabilities, and human errors to gain unauthorized access and tamper with crucial data sets,” Michniewska said.
“The consequences of such attacks can be severe, leading to financial losses, legal ramifications, damage to reputation, and most importantly, a loss of trust from clients and stakeholders.”
Solutions like Tributech can be deployed alongside backup solutions to strengthen data protection against data manipulation attacks, Michniewska said, to help ensure data integrity and validity.
“[Tributech] data notarisation and verification protects data integrity throughout the entire lifecycle, not only in backup scenarios. It uses cryptographic methods to create a secure audit trail, validating the authenticity and immutability of data from creation, transfer, to eventual backup,” she said.
Thomas Plank, chief executive officer (CEO) at Tributech, said in a separate explainer that it was “necessary” to establish baselines of all relevant data.
This means organisations can monitor any change to data integrity and therefore any adversarial manipulation, helping defend against rising threats such as ransomware, he said.