Ransomware attacks nearly doubled in 2021 and continue to increase substantially. Attack surface areas are increasing, attackers have become more sophisticated, and paying the ransom doesn’t always end the nightmare.
It all explains why, despite having ransomware strategies in place, very few large organizations feel totally prepared.
To uncover the best practices and strategies used by the organizations that do feel most prepared for an attack, Enterprise Strategy Group (ESG) recently surveyed 620 IT and cybersecurity professionals personally involved with the technology and processes associated with protecting against ransomware attacks at midmarket (100 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada) and Western Europe (UK, France, and Germany).
Download the report, to see the findings and read on to learn what you can do to best protect your organization.
IT Systems Are Ransomware Attackers’ New Favorite Target
Storage and cloud are now the most common ransomware targets, with vulnerable software and misconfigurations being the most common entry points.
Although storage systems and cloud are the most common targets across the board, networks and IT infrastructure—specifically data protection infrastructure—are also atop the target list. More than half of survey respondents who were ransomware attack victims reported involvement of sensitive infrastructure configuration data.
By disabling all or part of the IT infrastructure, cybercriminals disrupt IT and business operations with the goal of completely shutting a business down.
Protecting Backup Copies Is a Key Prevention Tactic
Attackers know that having the ability to restore data mitigates their attack and could eliminate the incentive to pay a ransom so they are specifically targeting backup workloads and processes to eliminate this defense. As a result backup protection is no longer a “nice-to-have” but a “must-have.” Most organizations are very concerned about the vulnerability of their backup copies, and many use third-party tools to validate their backup copies in addition to security controls to protect their backup infrastructure.
Ideally, all organizations would protect all their backups. However, only 49% of survey respondents said their organization is taking extra measures for all their backup copies.
Ransomware Readiness Is a Team Sport
Ransomware preparedness is clearly a cross-functional effort, with investments within organizations coming from a variety of departments, including IT, security, and data protection. The majority of survey respondents also reported additional investment from centralized ransomware budgets. Part of this is assembling an emergency response team of cross-functional players who can swing into action in a crisis.
Organizations use the investments for a wide variety of collection preparedness activities, including data recovery testing, employee security awareness training, penetration testing, and response readiness assessments.
Not Many Orgs Are Air Gapping, But Do They Need to Be?
Only 30% of the survey’s respondents said they have deployed an air gap solution to mitigate the effects of ransomware via the separation of production and backup networks.
The idea of air gapping is to make backups unreachable to attackers. But is air gapping really the answer? Air gaps can deliver enhanced protection by:
- Providing better security than traditional backup architecture.
- Limiting the spread of malware.
- Making it harder for hackers to access air-gapped data.
- Increasing the chances of recovering from an attack and making it easier to recover uncompromised data post-attack.
However, air gaps are high-maintenance, expensive to implement and operate, not 100% immune to attacks, not easily scalable, and don’t solve for internal threats.
Pure Storage® offers a modern, much simpler, and faster take on the virtual air gap: SafeMode™, which creates a secure enclave from which snapshots cannot be deleted—whether it’s manually by a human or through a programmatic approach.
Are Orgs Testing Their Recovery Times Frequently Enough?
Quick data recovery is of course a key part of ransomware preparedness, and with ransomware, restore is the new backup. However, only 41% of organizations surveyed test at least once a week, which is too infrequent given the current influx of attacks.
Only 41% of organizations surveyed test at least once a week, which is too infrequent given the current influx of attacks.
This may be due to ransomware data restoration not being as straightforward as a “normal” recovery and the difficulty of planning for so many different types of attacks. But, organizations should still test as frequently as possible, if for no other reason than to get better at testing.
All of the above are key temperature changes in the ever-evolving ransomware sphere—ones to take note of for any organization with valuable information to protect.
For the full picture, download the ESG e-book now.