SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Flux result 0140b590 dfa2 4fdb 8cad 8fa28d461048
#
SaaS
#
Firewalls
#
Data Protection

Firms warned on ransomware amid backup & AI sprawl

Wed, 1st Apr 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Cybersecurity specialists are using World Backup Day and Digital Cleanup Day to warn organisations about rising ransomware risks and the growing challenge of hidden technology assets across their estates. Executives at ThreatAware and Expel say many businesses still lack the basic visibility and resilience needed to withstand increasingly automated attacks.

The warnings come as security teams face a surge in data extortion incidents and a rapid expansion in the number of software tools and agentic artificial intelligence services deployed across enterprises. Industry data in recent years has shown a steady rise in double extortion ransomware, in which attackers both encrypt and steal information, alongside a widening attack surface as cloud and software-as-a-service adoption grows.

On Digital Cleanup Day, Jon Abbott, chief executive officer and co-founder of ThreatAware, highlighted the scale of the visibility problem inside many organisations. Asset inventories often fail to keep pace with user behaviour and decentralised technology purchasing, particularly when teams adopt SaaS products and AI tools without central oversight.

"Many organisations still lack full visibility of the technology, accounts and SaaS tools in use across their business. This is further compounded by the explosion in agentic AI, with new tools and automated workflows being adopted at an unprecedented rate and leaving many security teams scrambling to keep track and fully protect. Digital Cleanup Day is an opportunity for organisations to take stock and reclaim that visibility. Not knowing what systems are in use makes it much harder to secure them, keep them patched and understand where vulnerabilities may exist. Taking the time to identify what's there, what's still needed and what may have been overlooked is a simple but significant step towards reducing risk and strengthening security posture," Abbott said.

Security practitioners view this lack of visibility as a fundamental weakness in ransomware defence. Unmanaged or unknown assets often fall outside standard patching, monitoring and backup policies. Attackers can exploit those blind spots and move laterally across a network before security operations teams detect the intrusion.

World Backup Day has become a focal point for emphasising the role of data protection in incident response planning. Pierre Noel, field chief information security officer at Expel, described backup design and governance as central to modern cyber defence, while warning that technical best practice alone does not eliminate risk.

"Backups are a cornerstone of modern cybersecurity, but only if they are properly protected. Best practice means ensuring the backup is immutable, kept on separate infrastructure, shielded from deletion and regularly tested. But even if backups follow these guidelines, there is still risk because they do not exist in a vacuum. The capabilities around them are equally important: visibility across critical systems and authentication logs, the ability to remediate quickly when an attacker slips through, and strong threat intelligence to stay ahead of evolving tactics. A centralised data policy is also vital, ensuring sensitive information is stored centrally rather than locally and helping eliminate single points of failure.
"Together, these measures support a security posture that improves continuously, reducing risk over time rather than treating ransomware defence as a one-off exercise.
"Ransomware will only grow more automated, using AI for faster, broader and more tailored attacks. A multilayered defence - immutable backups stored elsewhere, strong visibility, rapid remediation, robust threat intelligence, continuous monitoring and regular testing - is the best path forward. Organisations that build resilience and preparedness will not just survive ransomware; they will be far less attractive targets in the first place," Noel said.

Security providers report that threat actors now routinely target backup infrastructure itself. Criminal groups try to locate and destroy online backups early in an attack so victims have fewer recovery options and face greater pressure to pay. That trend has sharpened the focus on immutability controls, physical and logical separation of backup environments, and regular restoration drills.

Abbott said ransomware groups have also refined their techniques for bypassing frontline defences and monetising breaches. He argued that reliable backups remain important, but must sit within a much broader framework of controls and monitoring.

"We're seeing new levels of scale and sophistication in today's threat landscape. Most ransomware attackers have invested heavily to get past defences and now operate with a core objective: not just encrypting data but also exfiltrating it to maximise their leverage.
"Reliable backups are a pillar of cyber resilience. However, the modern era of cyber attacks demands more. Ultimately, they are a final line of defence that must sit within a broader, multilayered security strategy.
"The priority is to make sure you're prepared for attackers regardless of how they strike or which vulnerabilities they exploit, whether through phishing, network weaknesses or misconfigurations. This means implementing core security controls such as endpoint detection and response, strong access controls and multi-factor authentication.
"This matters more than ever as ransomware strikes at the heart of business operations. By combining these measures, you'll strengthen your overall cyber resilience and minimise the likelihood of falling victim to an attack," Abbott said.

Security teams in many large organisations now treat ransomware as an operational risk rather than only a technical one. Incident response plans often involve legal, finance and communications teams because of the potential impact on customers, regulators and markets.

World Backup Day and Digital Cleanup Day have given vendors and practitioners a platform to call for more routine housekeeping. That includes reviewing which tools are actually in use, tightening access to data, and validating that backups work as expected under pressure.

Both Noel and Abbott emphasised that attackers increasingly exploit configuration errors, unmanaged assets and gaps between tools. Their comments underline a shift in security thinking towards continuous visibility and resilience as the scale and automation of ransomware campaigns grow.

Related stories
Western Digital details sustainability gains amid AI demand
Claroty appoints John Ryan to lead global partner push
Gigamon launches AI tools as observability market grows
LevelBlue warns of GhostOps risk from rogue AI agents
Datadog launches GPU Monitoring to cut AI compute costs

Top stories

One-third of FIFA World Cup partners lack email protection
CrowdStrike expands Google Cloud security & wins award
Claude Code can leak secrets in public npm packages
Exabeam widens AI agent monitoring for Google tools
Check Point teams with Google Cloud on AI agent security