Backups are the new doorway
A recent video reported attackers increasingly treat backup systems as the easiest initial compromise — legacy backup platforms often lack MFA, segmentation, and immutable storage. The takeaway: backup environments are no longer 'last line' systems but prime targets that require zero‑trust controls and isolation.
Sophos reportedsophos.com that attackers attempted to compromise backups in 94% of ransomware incidents, and victims whose backups were compromised faced median recovery costs of about $3 million—roughly eight times higher than those whose backups remained intact. The FBI, CISA and MS‑ISAC issued a joint advisory on Feb. 19, 2025ic3.gov specifically warning that groups like Ghost/Cring target and disable recovery infrastructure, and urging separate non‑alterable backup stores plus strict network segmentation. South Africa’s National Health Laboratory Service was hit on June 22, 2024, in an incident that deleted backup servers and left core lab systems unable to process millions of tests for weeks, according to contemporaneous reportingcybersecurity-review.com. Google Cloud’s Office of the CISO has promoted architecting Isolated Recovery Environments for immutable, air‑gapped restorescloud.google.com, and ESG research shows 81% of organizations now view backup immutability as a crucial defense against ransomwareblocksandfiles.com.
