Kubernetes an “Achilles heel” in mitigating ransomware

Research from Veritas has revealed that UK enterprises are widely underprepared to face ransomware attacks on Kubernetes environments

91% of participating UK enterprises say that ransomware attacks in Kubernetes environments are a risk, but Veritas has found that businesses are slow to extend data protection solutions.

While the vast majority (91%) of respondents plan to deploy the technology in the next two to three years, and almost a third already rely on it today, just 32% that have deployed Kubernetes so far have tools in place to protect against data-loss incidents such as ransomware.

Meanwhile, over a half (53%) of those that had deployed Kubernetes had already experienced a ransomware attack on their containerised environments.

“Kubernetes offers a world of benefits for businesses – it’s affordable, flexible, scalable and really easy to deploy,” said Ian Wood, head of technology for UK & Ireland at Veritas.

“So, embracing containerisation is a no-brainer for UK enterprises. Unfortunately, this often means that it’s really easy for organisations to surge ahead faster with their Kubernetes implementation than their Kubernetes protection.

“With applications in containerised environments shifting more and more to having stateful data, suddenly, they’ve found themselves with over two-thirds of their mission-critical Kubernetes environments completely unprotected from data loss.

“While the benefits of Kubernetes are vast, businesses need to ensure their protection measures keep pace so that Kubernetes doesn’t become the Achilles heel in their ransomware defence strategy.”

2022 cyber surge of ransomware

Terry Greer-King, vice-president EMEA at SonicWall, discusses how ransomware is set to impact organisations in 2022. Read here

Siloed solutions

According to Veritas’s report, UK businesses are missing the opportunity to deliver rapid protection to vulnerable data sets, with just 37% of organisations extending data protection across containers.

The rest, meanwhile, are complicating protection environments with stand-alone products for some, or all, of their Kubernetes protection, despite 99% of UK respondents believing in benefits to taking an integrated approach.

This may be linked to the finding that almost half (44%) admitted knowing little to nothing about solutions that could protect data across traditional, virtual and Kubernetes environments.

The biggest risks associated with siloed data protection solutions were identified by the research as ‘an increased likelihood of data being missed from protection sets’ and ‘the increased time required to manage multiple solutions’.

Future protection

Conversely, UK businesses expect to be able to achieve better protection of their Kubernetes environments over time, with 19% of organisations believing that ransomware will not be an issue here five years on.

Additionally, respondents expect to spend, on average, 40% more in this area in five years’ time than they do today, meaning that all participating companies will have data protection in place for their mission-critical Kubernetes environments.

DIY vs distro: what to pick for your Kubernetes environment

Chuck Svoboda, senior director, managed services at Red Hat, discusses what to consider when it comes to putting together your Kubernetes environment. Read here

Wood continued: “It’s reassuring to see that UK businesses understand the value of protecting the mission-critical data that they’re using in their Kubernetes environments.

“And it’s great that it seems they’ll eventually get the protection that they need. However, a lot can happen in five years, especially in a fast-moving industry like cyber crime, where we’d expect to see sophisticated ransomware variants emerge over that time to target Kubernetes and take advantage of this chink in a business’ armour.

“Too many organisations are missing the really easy opportunity to extend their current data protection platforms to their Kubernetes environments today and are leaving themselves open to attack.”

Veritas’s study, conducted by Opinium Research between the 7th-20th February 2022, surveyed 1,100 IT decision makers in organisations with over 1,000 employees globally.