Almost 80% of organizations have experienced ransomware attacks in the past year—with more than a third of those reporting that the attacks occur on a daily or weekly basis. One in three report that they’ve experienced more than one successful attack. And only one in seven reports actually getting all their data back after meeting their attacker’s ransom demands.
Across the economy, far too many organizations are falling behind when it comes to ransomware defense. That’s why I recommend that everyone read “The Long Road Ahead for Ransomware Preparedness,” the new research study from Enterprise Systems Group (ESG). It’s an eye-opening and instructive look into the systemic deficiencies that are leaving organizations susceptible to this preventable threat—and the provided insights may help you bolster your organization’s ransomware defense. 1
Re-examining backup
While you might expect a blog on Secureworks’ website to focus primarily on the prevention and detection aspects of ransomware defense, the most interesting insights in the ESG study may be those regarding backup.
Backup is obviously a critical layer of ransomware defense. If you can quickly restore data that has been compromised and/or encrypted, you can continue doing business without having to pay off an attacker.
But the ESG study revealed several issues with how organizations are using backup to defend themselves against ransomware attackers. Those issues include:
- Only 49% are taking extra measures to protect all their backup data.
- Only 41% report extensively implementing granular data restore vs. full rollback.
- Only 30% have implemented air-gapping to protect their ransomware backup.
That last number is particularly problematic, because the failure to air-gap backup data leaves it vulnerable to the same attackers who have already infiltrated the environment. Continued reliance on full rollback restoration can also be dicey—since full rollbacks can significantly extend recovery times, resulting in lost revenue, alienated customers, and adverse brand publicity.
Cyber defense at the perimeter and the core
That said, the rate of successful ransomware attacks clearly reveals weaknesses in organizations’ cyber defenses. Those weaknesses can be broadly categorized as occurring at both the perimeter and the core.
At the perimeter, a top issue is vulnerability management. As vulnerabilities in internet-facing devices are by far the leading initial access vector (IAV) for attackers. Yet, according to ESG, improvements to vulnerability management are alarmingly far down most organizations’ list of anti-ransomware investment priorities. And this is despite that more than half (52%) readily admit that there are shortfalls in their vulnerability management programs.
It's also clear from the rate of ransomware attack success that organizations must get much better at quickly detecting, identifying, and neutralizing threat actors who manage to get past the perimeter. Ransomware attacks require significant lateral exploration and compromise following the initial breach. So, the faster you pinpoint an attack, the greater your odds of avoiding a data encryption event that forces you into a crisis scenario.
One strategy, multiple tactics
There’s a lot more interesting stuff in the ESG report—because ransomware defense has so many facets to it. Does your organization have a cryptocurrency wallet ready to go in case you decide your best move is to pay the bitcoin ransom your attacker is demanding? Are you using cyber insurance to help mitigate your overall business risk? Do you have a good, solid communications plan in place? According to ESG, 53% of respondents do. But that still leaves almost half unprepared.
In fact, one of the main takeaways from the report is how ransomware preparedness is everyone’s job—with additional resourcing required across cybersecurity, IT operations, data protection, general IT, and even executive allocations.
So, I encourage you to take a look at the survey yourself. Some of the results may help you validate your organization’s approach to ransomware defense. Some may give you food for thought about improving your company’s posture—and even provide you with some empirical ammunition for your discussions with other stakeholders in your organization.
And, of course, if you want any help with any aspect of ransomware readiness—whether it’s vulnerability management on your perimeter, threat detection across your enterprise, adversarial testing, response prep, or any combination thereof—we’re here to help!
1The research by ESG was paid for and sponsored by Secureworks.