The Vulnerability Lag: Cut Ransomware Risks Resulting From Digital Transformation
Exploring ransomware and other data integrity risks from accelerated digital transformation in the wake of COVID-19.
It's never been more important for organizations to protect themselves against ransomware and other threats to data integrity. But to do that, production and protection environments must evolve together — as each new system, application, or workload is introduced into an organization's technology stack, new tools need to be implemented to protect them.
Too often, however, the need or desire to innovate at speed throws this balance off, creating a vulnerability lag where systems and data are left open to attack.
The global COVID-19 pandemic was a catalyst for creating vulnerability lags in organizations across the US and throughout the world. The need to rapidly introduce new systems to support evolving business practices such as remote work, contactless interaction, and providing consumers with online everything meant that IT departments were often forced to prioritize the delivery of functionality over security.
This introduced a thunder-and-lightning effect, where we first saw the lightning flash of innovation and then had to wait for the thunderclap of protection to follow. The intervening period is the biggest window of opportunity for failure, one in which organizations expose themselves to ransomware, compliance failures, downtime, and myriad other data risks.
With the two-year anniversary of the first COVID-19 diagnosis just around the corner, it's easy to assume this vulnerability lag is surely ending, but recent research from Veritas Technologies paints a different picture:
Protection infrastructures still lag behind developments in production infrastructures that have undergone dramatic changes since the start of the pandemic, leaving businesses vulnerable to data loss events such as ransomware attacks.
Since COVID-led digital transformation initiatives began, 80% of respondents' organizations newly implemented or expanded their deployment of cloud infrastructure beyond their original plans.
Only 58% of surveyed senior IT decision-makers believe that they can confidently and accurately state the exact number of cloud services that their organization is currently using.
Cloud technology (56%) and security (51%) are the two most reported gaps that now exist in respondents' organizations' IT strategies that are leaving them open to attack.
The average organization has experienced 2.57 ransomware attacks that led to downtime in the past 12 months, with 10% having been hit more than five times.
Organizations with at least one gap in their technology strategy have on average experienced around five times more ransomware attacks leading to downtime in the last year than those with no gaps in their strategy.
There is no quick fix — it will take another two years to eliminate the current vulnerabilities that organizations face today. In the meantime, they will remain vulnerable.
Only 61% believe that their organization's security measures have fully kept up since the implementation of COVID-led digital transformation initiatives over the past 18 months.
Organizations would need to spend an average of $2.47 million (USD) to close the gaps in their technology strategy within the next 12 months.
On average, respondents think that their organization would need to hire 27 full-time IT employees to close the gaps in their technology strategy within the next 12 months.
There is a lack of clarity on what needs to be protected — on average, respondents' organizations' data is made up of 35% dark data; 50% redundant, obsolete, or trivial (ROT) data; and only 16% business critical data.
Vulnerability Lag + IT Talent Gap = Even Greater Risk
According to other recent research, 87% of companies report that they are either already experiencing talent gaps or expect them within the next few years. The areas with the biggest gaps? Data analytics and other IT specialties.
Given this global IT skills shortage, it's unlikely that every company is going to be able to acquire the dozens of additional IT staff needed to rise to this challenge. Enterprises are going to have to be smart if they want to shore up their protection infrastructures against ransomware and other threats to data integrity.
An Uphill Battle, but Not an Insurmountable Mountain
Clearly, overcoming the vulnerability lag in such an environment is going to be an uphill battle, but that doesn't mean it's unwinnable. For businesses that don't have access to the additional financial and talent resources needed, a step toward addressing the vulnerability lag is to consider prioritizing data management strategies that use automation to maximize visibility and protection across all of their data. [Editor's note: The author's company is one of a number of vendors that use automation in this way.]
Nearly every organization has been stretched by the challenges COVID-19 created, and businesses were right to prioritize the immediate issue of empowering the shift to remote work and online everything. Now, though, the time has come to restore the balance — the price to pay for inaction is far too great.