75% of Organizations Putting Data at Risk

Apricorn, Inc. announced new findings from its 2023 North American IT Security Survey, which found that only 25% of IT professionals follow industry best practices for backing up data.

The survey details backup, encryption and resiliency protocols for IT professionals in USA and Canada over the last 12 months.  Overall, the responses revealed gaps in backup procedures, hedging risks from employees, and securing data on the move with encryption.

Data backup protocols weak
The findings detail alarming trends around lax backup procedures. While 93% of respondents say that they factor in backups as part of their cyber security strategy, only one in 4 follow the 3-2-1 rule, in which they keep 3 copies of data, on 2 different formats, one of which is stored off-site and encrypted.

The importance of clean and accurate backups is critical, with 37% of respondents having experienced a data loss event and 55% reporting they have had to restore data from a backup as part of recovery. However 16% do not ensure that their backups are clean and complete, and 52% say they keep their backups for only 120 days or less, which is less than half the average 287 days it can take to detect a breach.

“Hardware encryption and frequent backup policies are the only 2 things organizations can count on to protect data, yet we’ve seen very little improvement Y/Y in following these best practices,” said Kurt Markley, US MD. “In today’s hybrid work culture, it’s shocking to see so many IT professionals driving with their eyes closed when it comes to data resilience. Companies should implement the 3-2-1 method and give employees options to easily backup and secure their data, while also implementing policies for encrypted storage.“

Employee apathy puts data at risk
The human element is a considerable concern, with 33% having experienced data loss related to employee actions. One-third of employees working in the office don’t consider themselves as potential targets that cyber attackers can exploit to access company data. This is higher than the 27% remote employees who don’t consider themselves as potential targets. And despite the lack of employee awareness that they could be targeted, only 50% of organizations encrypt sensitive information for data on the move which is only a 10% improvement from last year.

Risk from employees – particularly when data is on the move – remains a top threat to data security, and almost 40% feel their employees’ lack awareness of the risks to data when mobile/remote working could unintentionally expose the company to a data loss event or breach. While some respondents say they are adequately protected, protection for data on the move is inconsistent across organizations.

“Hybrid work is not new and it’s irresponsible of organizations who offer hybrid work but have not yet adapted their security requirements for it,” added Markley. “Employees in all areas of business should recognize that they could be a target for a cyberattack or phishing attempt that could lead to compromised data. However, many employees feel fully protected by their IT policies, giving them a false sense of security. This can be particularly risky when employees continue to work remotely or in hybrid settings where sensitive information is on the move. IT pros should continue to encourage employees to backup data to an encrypted device before working remotely.“

About the survey
Comprising 22 question and answer options, and drawing more than 250 responses, the Apricorn 2023 North American IT Security Survey poll was conducted in March 2023. Nearly 65% of respondents have 11-20 years working in IT security, with 19% responsible for making final decisions about IT purchases.