Granular and air-gapped backup are critical to data recovery, when, not if, a business falls victim to ransomware. Those are among the key takeaways from an Enterprise Strategy Group (ESG) study that surveyed information technology (IT) and cybersecurity professionals working within organizations across North America and Western Europe.
According to the report’s findings, while ransomware attacks aren’t always made public, they are a common occurrence and represent both a significant and recurring source of business disruption. Among the more than 600 respondents, 79 percent experienced a ransomware attack within the last year, with 17 percent experiencing attacks weekly and 13 percent experiencing attacks daily. 79 percent of the survey’s respondents said they categorize ransomware preparedness as being within the top five on their list of overall business priorities.
“Organizations are building their own individual strategies and processes in response to a lack of industry reference architecture or a blueprint for ransomware protection,” said Christophe Bertrand, Practice Director at ESG. “The results of this report serve as a critical step in understanding the most important components of data recovery after a ransomware attack, and it is our hope that organizations can use this as guidance as they work towards preparedness.”
Other key findings
- 56 percent of respondents admitted to having paid a ransom to regain access to their data, applications, or systems but only 14 percent got all their data back following payment.
- Only 1 in 7 of organizations report protecting more than 90 percent of their mission-critical applications from cyberattacks.
- 39 percent of successful ransomware attacks impact cloud data, and 40 percent impact storage systems.
Additionally, some trends identified in the study include:
- Cloud and storage systems are the most common ransomware targets across the board.
- Granular data restores are widely preferred as a best practice over full rollback restores.
- Granular and air-gapped backup have emerged as best practices among industry leaders, with hybrid methodologies favored.
- Backup is the clear leader for cyber recovery strategy and can empower organizations to refuse to negotiate with ransomers.
“Public cloud infrastructure has become a destination of choice for data backup, which means that cloud data is increasingly becoming a target for cyber criminals who really want to render businesses inoperable. Organizations are concerned that their backup copies could be corrupted by ransomware attacks and protecting backup copies is a key prevention tactic,” said Jakob Østergaard, CTO at Keepit.
As an alternative to ransom paying, the study revealed that air-gapped backup and the ability to granularly restore data have emerged as best practices among industry leaders, with hybrid methodologies favored. In the context of backing up cloud data, this means allowing the backup or recovery copies to be physically and logically separated from the rest of the network.
Air-gapping is a time-tested solution that allows backup or recovery data copies to be housed separately from the rest of the network. It is becoming a “must-have” technology when it comes to keeping cloud data out of reach of cyber criminals. The report demonstrates that IT leaders will be looking for these capabilities in their current and future backup solutions, which must be hybrid to support on-premises, cloud only, or a combination of deployment topologies.