Jun 21 2023

Businesses Can Step Up Their Ransomware Defenses With Immutable Storage

To keep their data safe, organizations need solutions that prevent deletion even if hackers access their backup environments.

For years, cybersecurity experts have talked about the importance of robust data backup environments for protecting organizations from ransomware attacks. But as hackers have grown more sophisticated, there is increasing concern that they will simply find a way to access backup environments, leaving organizations no way to restore their data without paying a ransom.

This fear is sparking greater interest in immutable storage, which creates backups that cannot be altered or deleted for a set period of time, even by authorized users. In the event of a ransomware attack, organizations can restore their environments from their immutable backups, allowing them to resume their normal business operations.

“Immutable storage has been around a lot longer than ransomware, and it was originally designed to prevent any kind of accidental or purposeful destruction by internal users,” says Phil Goodwin, a research vice president at IDC. “But it really has taken on a renewed importance with regards to ransomware because it provides some level of protection against the bad guys making changes to the data or deleting it.”

Ransomware sidebar


Ransomware Attacks Are Now Ubiquitous

According to a new report from Veeam, 85 percent of organizations suffered at least one cyberattack in the past 12 months. Of those hit by ransomware, only 16 percent were able to recover their data without paying a ransom. And, of the 80 percent that did pay a ransom, only around 75 percent of these companies were actually able to recover their data.

While immutability can be applied to data stored on a variety of platforms — including tape, disks and solid-state drives — it often is used to make cloud backups invulnerable to deletion. In addition to protecting organizations against cyberattacks such as ransomware, immutability can be used to ensure that data is held for a certain period of time to comply with legal or regulatory requirements, to provide a documented chain of custody for important data, and to simply safeguard data backups against equipment failure and human error. Immutable storage options are offered by most major storage and backup solution vendors, including Acronis, Commvault, Veeam and Veritas.


The percentage of organizations that suffered at least one cyberattack in the past 12 months

Source: Veeam, “2023 Global Report: Ransomware Trends,” May 2023

How to Get the Most From Immutable Storage Providers

Goodwin notes that only about 20 percent of data within most organizations is truly valuable, and he says that IT leaders typically apply immutability only to this more sensitive information. It is important, he says, for organizations to ask probing questions of vendors to make sure that their immutable storage options will fully meet their needs.

“One of the biggest things that people miss is that immutable storage is not always truly immutable,” Goodwin says. “There can be workarounds. Immutability is driven by specific time periods, and if someone can do something as simple as going in and changing the system clock, then the data is no longer immutable. It also might be possible to compromise credentials and change the policy on immutability. Then, the bad actor — whether it’s an internal or an external threat­ — can just change the policy, and the data can be deleted.”

Phil Goodwin
One of the biggest things that people miss is that immutable storage is not always truly immutable.”

Phil Goodwin Research Vice President, IDC

Goodwin advises organizations to seek out solutions that are “truly immutable,” meaning that data cannot be changed or deleted within a specific period of time, no matter what. He also cautions that immutable storage is only one piece of a comprehensive ransomware protection strategy. Even if hackers can’t delete data, they may be able to read it — in which case they can either sell it on the dark web or threaten to do so unless they get paid. 

“Ideally, you want to make sure that you have air-gapped copies, encrypted data and immutable storage,” Goodwin says. “Together, those solutions give you the best opportunity for data survival.”

Click the banner to learn how your organization can increase its ransomware recovery capabilities.

SvetaZi/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.