Data protection is required to prevent ransomware payments, research shows
By Puja Sharma
Veeam unveils the results of its 2023 Ransomware Trends Report at VeeamON 2023, showing cyber insurance is becoming too expensive and 21% of organizations are unable to recover their data after paying the ransom
Organisations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyber threat. According to new data in Veeam’s Report, one in seven organisations will see almost all (>80%) data affected as a result of a ransomware attack – pointing to a significant gap in protection. Veeam Software, the leader in Data Protection and Ransomware Recovery, found that attackers almost always (93%+) target backups during cyber-attacks and are successful in debilitating their victims’ ability to recover in 75% of those events, reinforcing the criticality of immutability and air gapping to ensure backup repositories are protected.
The report shares insights from 1,200 impacted organisations and nearly 3,000 cyber-attacks, making it one of the largest reports of its kind. The survey examines key takeaways from these incidents, their impact on IT environments, and the steps taken, or needed, to implement data protection strategies that ensure business resiliency. This research report encompasses four different roles involved in cyber-preparedness and/or mitigation including, security professionals, CISOs or similar IT executives, IT Operations generalists, and backup administrators.
“The report shows that today it’s not about IF your organisation will be the target of a cyber-attack, but how often. Although security and prevention remain important, every organization must focus on how rapidly they can recover by making their organization more resilient,” said Danny Allan, CTO at Veeam. “We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance.”
Paying the ransom does not ensure recoverability
For the second year in a row, the majority (80%) of the organizations surveyed paid the ransom to end an attack and recover data – now up 4% compared to the year prior – despite 41% of organizations having a “Do-Not-Pay” policy on ransomware. Still, while 59% paid the ransom and were able to recover data, 21% paid the ransom yet didn’t get their data back from the cybercriminals. Additionally, only 16% of organizations avoided paying ransom because they were able to recover from backups. Sadly, the global statistic of organizations able to recover data themselves without paying the ransom is down from 19% in last year’s survey.
To avoid paying the ransom, your backups must survive
Following a ransomware attack, IT leaders have two choices: pay the ransom or restore from backup. As far as recovery goes, the research reveals that in almost all (93%) cyber-events, criminals attempt to attack the backup repositories, resulting in 75% losing at least some of their backup repositories during the attack, and more than one-third (39%) of backup repositories being completely lost.
By attacking the backup solution, attackers remove the option of recovery and essentially force paying the ransom. While best practices – such as securing backup credentials, automating cyber detection scans of backups, and auto-verifying that backups are restorable – are beneficial to protect against attacks, the key tactic is to ensure that the backup repositories cannot be deleted or corrupted. To do so, organizations must focus on immutability. The good news is that based on lessons learned from those who had been victims – 82% use immutable clouds, 64% use immutable disks, and only 2% of organizations do not have immutability in at least one tier of their backup solution.
Key highlights:
- Cyber insurance is becoming too expensive: 21% of organizations stated that ransomware is now specifically excluded from their policies, and those with cyber insurance saw changes in their last policy renewals: 74% saw increased premiums, 43% saw increased deductibles, 10% saw coverage benefits reduced.
- Incident response playbooks depend on backup: 87% of organizations have a risk management program that drives their security roadmap, yet only 35% believe their program is working well, 52% are seeking to improve their situation, and 13% do not yet have an established program. Findings reveal the most common elements of the ‘playbook’ in preparation against a cyberattack are clean backup copies and recurring verification that the backups are recoverable.
- Organisational alignment continues to suffer: While many organizations may deem ransomware to be a disaster and therefore include cyberattacks within their Business Continuity or Disaster Recovery (BC/DR) planning, 60% of organizations say they still need significant improvement or complete overhauls between their backup and cyber teams to be prepared for this scenario.
IBSi FinTech Journal
- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage
Other Related News
December 10, 2024