The ever-evolving landscape of cyberthreats presents significant challenges for IT and security leaders. Modern threats are complex and advanced, and the situation is exacerbated by increasingly sophisticated and determined adversaries, and a growing reliance on digital infrastructure. It’s clear that robust strategies to protect data, operations and businesses’ reputations are crucial.

Understanding the threat landscape is the first step. With this in mind, the Veeam Data Protection Trends Report 2024 surveyed 1 200 IT leaders and implementors at firms globally to gain an impartial understanding of how data protection and recovery must continue to evolve.

The report highlights a concerning paradox: while companies are committing more resources to fending off cyberattacks, IT leaders feel less protected and more concerned about their ability to recover and restore mission-critical data.

Ransomware attacks remain the top cause of outages, and organisations are increasingly emphasising the use of the cloud for major recoveries. However, only a small percentage believe they can recover from even a small crisis within a week.

The scourge of ransomware

at Veeam emphasises the critical nature of this challenge. Ransomware continues to be the biggest threat to business continuity. It’s the number one cause of outages today, and protecting against it is supporting digital transformation initiatives.

Although companies are spending more and more on protection, less than one-third believe they can recover quickly, even from a minor attack. The findings in this year’s report highlight the need for continued cyber resilience and the importance of ensuring the right protection and recovery capabilities. Veeam’s aim for this year is to power data resilience to keep businesses running.

Effective ransomware defence requires a multi-layered approach that includes proactive threat detection, rapid incident response and robust data recovery capabilities. This includes advanced endpoint protection solutions that leverage machine learning and behavioural analysis to detect and block ransomware threats as early as possible.

Equally important is ensuring robust data recovery capabilities, such as immutable backups that ransomware attackers cannot alter or delete. Regularly testing these backups and ensuring they are stored in secure, off-site locations is critical to guaranteeing data integrity and availability in the event of an attack.

Protecting hybrid cloud environments

As businesses increasingly adopt hybrid cloud environments, protecting these complex infrastructures becomes a key priority. The report revealed that while container usage is on the rise, only a quarter of companies use a backup solution specifically designed for containers. The remaining entities rely on partial backups, which do not guarantee that applications and services can be resumed after a crisis.

Furthermore, hybrid production architectures are forcing organisations to reconsider their backup strategies. The two most important considerations for enterprise backup solutions are reliability and the protection of cloud-hosted workloads (IaaS and BaaS). Organisations relying on legacy data centre-centric data protection solutions struggle to maintain service-level agreements as they move workloads between platforms or clouds.

Firms must adopt comprehensive backup solutions to effectively protect hybrid cloud environments that provide equitable protection for both on-premises and cloud-hosted workloads. This includes implementing cloud-native backup solutions that can seamlessly integrate with various cloud platforms and ensure consistent data protection across the entire infrastructure. Additionally, companies should prioritise regular testing of backup and recovery processes to identify and address potential vulnerabilities before a crisis occurs.

Disaster recovery planning

In addition to addressing the immediate threats posed by cyberattacks, organisations must prioritise comprehensive disaster recovery planning. The report underscores the importance of having the right protection and recovery capabilities to ensure business continuity. This involves developing and regularly updating disaster recovery plans that address a wide range of potential scenarios, from cyberattacks to natural disasters.

Effective incident response planning requires a holistic approach that encompasses not only technology but also people and processes. Companies should conduct regular risk assessments to identify potential vulnerabilities and develop mitigation strategies. Additionally, they should establish clear communication protocols to ensure all stakeholders are informed and prepared to respond effectively in the event of a crisis.

Addressing skill gaps and achieving ESG goals

The report also highlights significant job changes within the IT sector, with nearly half of respondents expressing an intent to seek new employment within the following year. This presents both a challenge and an opportunity for data protection initiatives. While losing valuable data protection talent can put organisations at a disadvantage, the market shift also provides an opportunity to acquire new knowledge and skills to protect modern production workloads.

Businesses should invest in continuous training and development programmes to address skill gaps and ensure their IT teams are equipped with the latest knowledge and skills to fend off cyberthreats. Additionally, they should prioritise diversity and inclusion initiatives to attract and retain a diverse talent pool, which can bring fresh perspectives and innovative solutions to cybersecurity challenges.

Achieving environmental, social and governance (ESG) goals is another critical consideration for entities navigating the evolving landscape of cyber threats. By integrating ESG principles into their cybersecurity strategies, organisations can enhance their resilience and build trust with stakeholders. This involves adopting sustainable practices, promoting ethical behaviour, and ensuring transparent reporting of cybersecurity initiatives and outcomes.