Cloud Hosting

Ransomware continues to plague organizations all over the world. The most common entry points of ransomware into enterprise IT environments are phishing emails, malicious links, and dubious websites, according to Veeam Softwares 2022 Ransomware Trends Report.

The provider of backup, recovery, and data management solutions found that 44 percent of organizations have experienced such cyberattacks in the past year, while 41 percent named infected patches and software packages as the other ransomware culprits.

Veeam surveyed 1,000 independent IT leaders in 16 countries to determine the impact ransomware has had on various organizations. All respondents experienced at least one cyberattack in 2021, with many experiencing at least two attacks. Approximately half (47 percent) of their data was encrypted by ransomware.

Also see: The Successful CISO: How to Build Stakeholder Trust

Once bad actors enter the IT environment, they typically target mainstream platforms like backup repositories (94 percent) and production platforms (80 percent). Many ransomware attacks are based on known vulnerabilities within mainstream hypervisors and operating systems or database servers. Hence,organizations should have broader conversations not only with their cybersecurity team, but also database administratorsto ensure that database servers are secure, hypervisors are patched, and updates are routinely administered.

Veeam also surveyed 3,393 organizations in a separate 2022 Data Protection Trends Report. According to those findings, 76 percent of organizations have experienced at least one ransomware attack last year, while 24 percent either avoided attacks or werent aware of an attack. This data underscores the fact that ransomware attacks are extremely common and affect most organizations.

The most shocking data points in the study revolved around what happens when customers pay for the ransom. Only about half (52 percent) of those with encrypted data successfully recovered their data when the ransom was paid.

A whopping 24% of organizations were not able to get their data back, even when the ransom was paid. When paying ransom, most (72 percent) organizations used some form of insurance. Fifty-seven percent of respondents said they have cyber insurance that includes ransomware coverage, 30 percent have cyber insurance without ransomware coverage, and 13 percent dont have cyber insurance.

The likelihood that organizations will pay a ransom following a cyberattack is high, not only because they value their data but also to avoid remediating significant portions of their infrastructure. Veeams ransomware report found most organizations were able to start remediation either the same or the following day. Those respondents said recovery took an average of 18 days to complete.

The usual remediation options for ransomware are either restoring frombackups orpaying a ransom to recover data.Restoring from backup can result in data loss if an organization doesnt have the right capabilities in place.Organizations should have tested and secure backups that can be restored quickly. For this reason, a backup infrastructure should be part of every organizations cybersecurity defense plan.

Its important to understand the difference between protecting backup repositories and having clean data within the repositories. Just because a repository is protected doesnt mean the contents are malware-free. Using clean backups is key to successful recovery. Nearly a third (31 percent) of organizations surveyed by Veeam relied on immutability, while 46 percent used a sandbox and 36 percent restored directly to production and then scanned for safety.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Secure backup is the last line of defense against ransomware. Organizations should have at least three copies of data on two different media with one copy being offsite, one being offline, air-gapped, or immutable. By applying this modern 3-2-1-1-0 rule, organizations can be better prepared to deal with cyberattacks, especially as the threat of ransomware keeps growing.

Luckily, 95 percent of organizations now use at least one method of retaining isolatable backup data. The report found 74 percent of organizations use some type of cloud-service and 67 percent use on-premises storage.

Most organizations use a combination of cloud services and tape data storage, which is a lower cost alternative to other storage solutions. Smaller organizations are likely to choose cloud services, while large enterprises are more selective when it comes to long-term data retention due to scale and regulatory challenges.

While backup is fundamental to data recovery, the alignment between cybersecurity and backup teams is currently lacking at most organizations. In fact, 52% of the respondents said their organization needs to make significant improvements for cybersecurity and IT backup teams to collaborate successfully.

Therefore, in addition to having backup solutions and comprehensive disaster response plans in place,sharing those plans with other security teams is what will help organizations improve their incident response.

Also see: Best Website Scanners

Visit link:
Security and Backup Alignment Critical to Ransomware Recovery | eWEEK - eWeek