Ransomware: An Existential Threat Demanding Urgent Action
Being prepared, knowing what to look for and how to mitigate existential threats are the keys to survival and success for every enterprise.
Ransomware continues to pose a serious and growing threat to organizations of all sizes and across all industries. According to a new research report from Zerto and Enterprise Strategy Group (ESG), nearly two-thirds of IT and cybersecurity professionals view ransomware as one of the top three most serious threats to the viability of their organization. With AI-driven attacks becoming more frequent and sophisticated, organizations must take action now to improve ransomware preparedness and mitigate risks.
Ransomware Prevalence and Impacts
The ESG survey of 600 IT and cybersecurity professionals reveals troubling statistics about the prevalence of ransomware and its impacts.
Approximately 70% of organizations experienced attempted ransomware attacks on at least a monthly basis over the past year. Even more alarming, among those hit by a successful ransomware attack, only 16% were able to recover 100% of their data — even after paying the ransom demand. This shows that merely paying the ransom is no guarantee of recovering critical data and systems.
The reality is that it’s not a matter of if an attack will occur, but rather when it will strike. Therefore, it’s crucial to acknowledge that ransomware poses a significant and immediate threat that cannot be ignored, and immediate action must be taken to combat it.
Impacts from successful attacks go far beyond just data loss. One-third of organizations reported compliance exposures, while nearly half experienced operational disruptions. Over 40% cited direct impacts to employees, customers, and partners. The damages can be widespread.
Strengthening Defenses Across the Kill Chain
Organizations need to focus on improving prevention, response, and recovery measures across the ransomware kill chain. ESG's research identifies several best practices:
Harden Attack Surfaces
Implement preventative security controls like network segmentation, multi-factor authentication, endpoint detection and response (EDR) tools, email security gateways, and backup/DR infrastructure security. Make sure backups and recovery systems have extra protections, as these are frequent ransomware targets.
Protecting the ‘protector’ is an area where there is work ahead for many.
Detect Threats Early
Analyze backup copies to identify anomalies and suspicious activity. Use backup scanning to catch ransomware before it impacts production data. Conduct scans in real-time or near real-time for the fastest detection.
It’s important to scan as thoroughly as possible. While real-time scanning is preferred for early detection, post-process solutions may be more practical for larger systems due to performance or cost reasons.
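One way to implement the backup anomaly check described above, as an added example that is not from the article or the ESG research: a post-process scan that compares two backup copies and alerts when many files jump to near-random entropy. The function names, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_backup(prev, curr, high=7.5, jump=2.0, max_ratio=0.3):
    """Compare two backup copies given as {path: content bytes}.

    A file is suspicious when its content changed, its entropy is now at
    least `high`, and it rose by at least `jump` bits per byte. Requiring the
    jump keeps rewritten archives and media (already near 8) from alerting.
    Thresholds are assumed values to tune per data set.
    """
    suspicious = []
    for path, old in prev.items():
        new = curr.get(path)
        if new is None or new == old:
            continue  # deleted or unchanged files are out of scope here
        e_old, e_new = shannon_entropy(old), shannon_entropy(new)
        if e_new >= high and e_new - e_old >= jump:
            suspicious.append(path)
    ratio = len(suspicious) / len(prev) if prev else 0.0
    return {"suspicious": sorted(suspicious), "ratio": ratio, "alert": ratio > max_ratio}

def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: deterministic random-looking bytes."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]

# Constructed sample data: three consecutive backup copies of one file share.
TEXT = b"quarterly report: revenue, costs and forecast by region\n" * 80
MONDAY = {f"/share/doc{i}.txt": TEXT + str(i).encode() for i in range(10)}
TUESDAY = {**MONDAY, "/share/doc0.txt": TEXT + b"edited by a user\n"}  # normal edit
WEDNESDAY = {**MONDAY, **{f"/share/doc{i}.txt": pseudo_ciphertext(bytes([i]))
                          for i in range(8)}}  # 8 of 10 files overwritten

if __name__ == "__main__":
    print(scan_backup(MONDAY, TUESDAY)["alert"])
    print(scan_backup(MONDAY, WEDNESDAY))
```

Files that are renamed during encryption show up as a deletion plus a new path, so a production scan would also track the rate of deleted and newly created files between copies.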
Isolate and Protect Backup Data
Isolate backups from production systems via air gaps or immutable object storage. This protects backups from alteration or deletion if production systems are compromised. Consider on-premises and cloud-based options.
Despite the importance of this solution, only slightly more than one in four (27%) organizations have deployed it at this point.
Maintain Recovery Flexibility
Maintain updated snapshots and immutable backup copies on-premises and in the cloud to enable quick, granular recovery. Regularly test and rehearse recovery procedures.
Having access to multiple mechanisms may add complexity if not carefully planned, but with planning this can be turned into an advantage.
Encrypt Data
Encrypt data at rest and in transit using AES-256 or similar strong encryption standards. Carefully manage keys.
Minimize Productivity Loss
Deploy continuous replication, journaling, and continuous data protection (CDP) to minimize data loss and recovery time objectives (RTOs).
Respond Rapidly
Partner with incident response services that can rapidly contain attacks and guide recovery efforts. Time is of the essence.
Educate Employees
Educate employees on cybersecurity best practices to avoid falling victim to social engineering tactics that enable ransomware installation.
Ransomware Targets More Than Business Data
The research also busts the myth that ransomware only targets business data. In fact, sensitive infrastructure configuration data faces significant risk, with over 50% of attacks resulting in compromise of that data. Why? Because crippling key infrastructure components effectively halts operations.
IT leaders must recognize that ransomware resilience requires protecting business data and applications, as well as hardening infrastructure configurations (e.g., identity and access management, VPNs, and backups).
Advanced Backup and Recovery Solutions Required
As ransomware continues to plague organizations globally, proper preparedness and mitigation strategies are imperative. Companies that view ransomware as a serious threat are more apt to invest in advanced backup/recovery solutions with features like:
- Anomaly detection using machine learning and behavioral analytics
- Immutable storage capabilities
- Orchestration across on-premises and multi-cloud resources
- Quick recovery of large datasets
- Endpoint and SaaS application protection
By implementing comprehensive protections for infrastructure, data, and productivity, organizations can minimize business risk, improve resilience, and take back control from attackers. Don't become another ransomware statistic. Take action now to protect your organization's viability.