How ready are organizations to manage and recover from a ransomware attack?
Zerto announced the findings of a ransomware study, revealing that gaps in readiness are seriously impacting the ability of many organizations to manage and recover from attacks.
The research also underlines the increased risk to mitigation strategies presented by widespread skills shortages and over-reliance on internal resources. This indicates that, while organizations recognize that one of the best protections against a ransomware attack is the ability to recover from it, many are still struggling to counteract ransomware when prevention has failed.
The study, conducted by ESG, shows that ransomware attack frequency and impact remain a major concern. In fact, nearly three-quarters of organizations experiencing ransomware attacks in the past 12 months (73% of respondents in total) were negatively impacted.
Even within the most advanced organizations (rated by ESG to be ‘Leaders’ in ransomware preparedness), 75% suffered operational disruption, calling into question how complete ransomware recovery strategies are even for those considered most prepared. The threat is also proving to compound itself for victims. Sixty-one percent of those who paid a ransom were then subjected to further extortion attempts resulting in extra payments being made on top of initial sums.
The research further underlines the risks associated with making ransom payments, with only 14% of respondents—one in seven—getting 100% of their data back even after acceding to a ransom demand. This illustrates that paying a ransom is no guarantee to getting a business completely back online.
Skills issues impacting the ability to respond and recover from attacks
Despite the volume and impact of attacks, 45% of survey respondents are struggling with skills issues that will help them respond to a ransomware attack. In particular, they report skills and training gaps within certain areas of their teams and external contractors/vendors, while others are severely lacking critical people and skills.
“Unfortunately, many organizations remain seriously under-prepared to effectively mitigate against the risks and impact of ransomware attacks,” commented Christophe Bertrand, practice director at ESG. “This results in a significant number concluding they have no alternative but to pay ransom demands in the hope their data will be returned. Instead, leaders should be focusing on ransomware strategies that emphasize effective, rapid, and complete recovery.”
“It’s worrying that many organizations are experiencing a ‘perfect storm’ of vulnerability that results from inadequate technologies and under-resourced teams,” said Caroline Seymour, VP of product marketing at Zerto.
The data is clear: ransomware attacks are growing in volume and severity. Paying the ransom is no longer a guarantee of recovering your data, nor should it. Organizations require a CDP solution that provides recovery in minutes to a state seconds before an attack. Since it’s not a matter of if but when, organizations need to double down on data protection and recovery.