SAN FRANCISCO–If credit unions believe strong backups alone are enough to blunt a ransomware attack, security experts say that assumption is becoming increasingly risky as threat actors shift their focus to the recovery systems institutions depend on most.
Speaking with Bank Info Security at the RSAC Conference 2026 here, Anthony Cusimano, chief evangelist and director of solutions marketing at Object First, said ransomware operators are increasingly moving beyond encrypting production systems and instead targeting backup infrastructure itself — a tactic designed to remove the easiest path to recovery and increase the odds a victim will pay.
Cusimano told Bank Info Security attackers learned that organizations with reliable backups were sometimes able to restore operations without paying a ransom. By compromising or disabling backup storage, he said, threat actors can undercut that strategy and turn backup systems into a critical point of failure rather than a safety net.
He said many organizations still rely on legacy backup environments that remain vulnerable, leaving storage systems exposed when they should be hardened as part of the overall cyber defense posture. In response, Cusimano said institutions should consider stronger protections such as immutable storage that prevents backup data from being changed, deleted or altered once it is written.
Cusimano also stressed that technology alone is not enough. He told Bank Info Security organizations need to validate backup security through third-party penetration testing, routinely test recovery procedures and runbook simulations, and invest in better administrator training — even as limited time and budget continue to make those steps harder to execute.
Section: Standard
Word Count: 329
Copyright Holder: CUToday.info
Copyright Year: 2026
Is Based On:
URL: https://www.cutoday.info/Fresh-Today/Think-Your-Backups-Will-Save-You-Ransomware-Gangs-Are-Coming-For-Them-Now
