Ransomware improvement plans plan

Nearly 40% of companies surveyed do not have a ransomware strategy that focuses on recovery.

  • 2 years ago Posted in

Zerto has released findings from its 2022 Ransomware Strategy Survey conducted at VMware Explore US in August/September 2022. The research revealed gaps in companies’ data protection and ransomware strategies that they will want to address to reduce their risk of interrupted business operations in the event of a ransomware attack.

The lack of focus on recovery endangers business operations in the face of ransomware attacks

As found in a recent IDC report sponsored by Zerto, the impact of ransomware attacks is extensive. The cost to people can be high with employee overtime, lost employee productivity, the direct cost of recovery (i.e., the engagement of consultants or specialists), and unrecoverable data being notable issues. However, there are even more significant impacts like lost revenue, damaged company reputation, and permanent loss of customers.

That is why cyberthreats are part of most businesses' high-level strategy. However, the way in which organisations prepare to combat those threats varies. Only half of the companies surveyed focus on both recovery and prevention. This indicates that a holistic view is far from the norm amongst those surveyed. Interestingly, over a third of respondents (37%) do not have a strategy in place that focuses on recovery. They either have a sole focus on prevention or, alarmingly, have no formalised strategy in place yet (8.7%). This is dangerous because, as ransomware actors become more capable of impounding data, businesses will suffer if they can’t get back up and running immediately on their own behalf. 

Creating a more holistic ransomware strategy

Ransomware can be combated with proper recovery strategies, but not all companies have a formalised recovery strategy in place. The report shows that companies are reevaluating their data protection and cyber resilience strategies. In the survey, 66.8% deem their strategy in need of further examination; meanwhile, 20% are satisfied with the plans in place. 

It’s notable that two-thirds of respondents indicated they are reviewing the strategy they have in place—especially considering the current cyberthreat landscape. This may signal that prevention is not enough and that legacy data protection is failing. As companies reevaluate their strategies, those that haven’t yet put a focus on recovery will benefit by leaning in the direction of continuous data protection, which offers a continuous stream of recovery checkpoints that allow them to rewind to a time within seconds prior to an attack.

“In an era of relentless cyberthreats, strategies to combat attacks can’t remain idle, and they must be multidimensional,” said Caroline Seymour, VP of product marketing at Zerto. “Cyber attackers have proven that they can breach fortified security structures, so companies need a plan in place for what to do once bad actors are in. If the goal is to keep business running and operating, a recovery strategy is required. It’s positive that many companies have multifaceted strategies in place, but completely protecting the business requires recovery capabilities.”

Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...