The good news: IT professionals recognize the important of data resiliency in ransomware defense. Less good: The recovery measures they are relying on may not be as effective as practitioners expect.
A recent IDC and Druva survey asked 505 respondents across 10 industries about their ransomware experiences and found that many organizations struggle to recover after an attack. In the survey, 85% of the respondents said their organizations had a ransomware recovery plan. The challenge seems to lie in effectively executing that plan.
"A majority of organizations suffered significant consequences from ransomware attacks including long recoveries and unrecoverable data despite paying a ransom," states the "You Think Ransomware Is Your Only Problem? Think Again" report.
Data resiliency is such an important element of cybersecurity that 96% of respondents considered it a top priority for their organizations, with a full 77% placing it in the top 3. What's striking about the survey results is that only 14% of respondents said they were "extremely confident" in their tools, even though 92% called their data resiliency tools "efficient" or "highly efficient."
"When data is spread across hybrid, cloud, and edge environments, data resiliency becomes much more complicated," said W. Curtis Preston, chief technology evangelist at Druva, in a blog post.
A plan might seem to cover everything, but then you realize that you lost your backup or can't find the latest restore point.
The ability to recover from an attack is vital, since the growth in ransomware makes it likely that your organization will get hit. This is why agencies like NIST recommend preparing for when an attacker pierces your defenses rather than trying to keep out every intruder. That mindset also shifts the priority to preparation and planning; you need to create a disasterrecovery plan that includes policy on restore points and recovery tools — and you need to practice implementing that plan before disaster strikes.
The report lists three key performance indicators that reveal the success of an organization's recovery from a cyberattack:
- The ability to fully recover encrypted or deleted data without paying a ransom.
- Zero data loss in the process of recovering the data.
- Rapid recovery as defined by applicable service-level requirements.
"When a recovery fails to meet these criteria, then the organization may suffer financial loss, loss of reputation, permanently lost customers, and reduced employee productivity," the report warns.