Ransomware improvement plans plan

Nearly 40% of companies surveyed do not have a ransomware strategy that focuses on recovery.

  • 2 years ago Posted in

Zerto has released findings from its 2022 Ransomware Strategy Survey conducted at VMware Explore US in August/September 2022. The research revealed gaps in companies’ data protection and ransomware strategies that they will want to address to reduce their risk of interrupted business operations in the event of a ransomware attack.

The lack of focus on recovery endangers business operations in the face of ransomware attacks

As found in a recent IDC report sponsored by Zerto, the impact of ransomware attacks is extensive. The cost to people can be high with employee overtime, lost employee productivity, the direct cost of recovery (i.e., the engagement of consultants or specialists), and unrecoverable data being notable issues. However, there are even more significant impacts like lost revenue, damaged company reputation, and permanent loss of customers.

That is why cyberthreats are part of most businesses' high-level strategy. However, the way in which organisations prepare to combat those threats varies. Only half of the companies surveyed focus on both recovery and prevention. This indicates that a holistic view is far from the norm amongst those surveyed. Interestingly, over a third of respondents (37%) do not have a strategy in place that focuses on recovery. They either have a sole focus on prevention or, alarmingly, have no formalised strategy in place yet (8.7%). This is dangerous because, as ransomware actors become more capable of impounding data, businesses will suffer if they can’t get back up and running immediately on their own behalf. 

Creating a more holistic ransomware strategy

Ransomware can be combated with proper recovery strategies, but not all companies have a formalised recovery strategy in place. The report shows that companies are reevaluating their data protection and cyber resilience strategies. In the survey, 66.8% deem their strategy in need of further examination; meanwhile, 20% are satisfied with the plans in place. 

It’s notable that two-thirds of respondents indicated they are reviewing the strategy they have in place—especially considering the current cyberthreat landscape. This may signal that prevention is not enough and that legacy data protection is failing. As companies reevaluate their strategies, those that haven’t yet put a focus on recovery will benefit by leaning in the direction of continuous data protection, which offers a continuous stream of recovery checkpoints that allow them to rewind to a time within seconds prior to an attack.

“In an era of relentless cyberthreats, strategies to combat attacks can’t remain idle, and they must be multidimensional,” said Caroline Seymour, VP of product marketing at Zerto. “Cyber attackers have proven that they can breach fortified security structures, so companies need a plan in place for what to do once bad actors are in. If the goal is to keep business running and operating, a recovery strategy is required. It’s positive that many companies have multifaceted strategies in place, but completely protecting the business requires recovery capabilities.”

Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...