Enterprise Strategy Group Research Reveals Majority Organizations View Ransomware as a Top-three Threat to the Viability of the Business
September 21, 2023Zerto, a Hewlett Packard Enterprise company, announced the results of a major new study, confirming that ransomware continues to pose a serious threat and is viewed today as one of the top concerns for viability within organizations. Companies are becoming increasingly aware of the damage caused by these attacks and understanding the dire reality of the potential compromise. The research indicates that nearly two-thirds (65%) of respondents consider ransomware to be one of the top three most serious threats to the viability of the organization.
The study was conducted by Enterprise Strategy Group (ESG) and co-sponsored by Zerto. Its findings, published in a new e-book titled “2023 Ransomware Preparedness: Lighting the Way to Readiness and Mitigation,” show that organizations can lose vital minutes to hours of time in recovery, resulting in significant and unacceptable consequences for large-scale operations. Combined with evolving techniques and targets designed to motivate payment from victim organizations, this data highlights the crucial need to reengineer recovery processes for ransomware attacks.
In addition, nearly 60% of respondent organizations report an impact to regulated data, such as personally identifiable information, in successful ransomware attacks. The study also indicates that configuration data faces an increasingly significant risk of compromise, with more than half of respondents indicating this data class was affected by a successful ransomware attack. This shows that attackers understand affecting infrastructure of a company at the core is an effective way to halt production in its tracks. As a result, IT professionals preparing to mitigate ransomware attacks must consider both business-related and infrastructure data equally in their efforts.
As the time and cost of securing data through the entirety of the data backup process continue to rise, new methods of protection arise to ensure the maximum security of backed up data. Air gapping has become a viable solution for these environments, with more than three-quarters of organizations using, testing, or expressing interest in this solution. By leveraging backups stored in volumes inaccessible by default and only accessible during protected backup sessions, cyber attackers are prevented from displacing or destroying backup data.
Despite the importance of this solution, the response breakdown shows only slightly more than one in four (27%) organizations have deployed it at this point, while 18% are in the process of testing and deploying an air-gapped solution. This confirms that while it is seen as a viable strategy, there is still much work to be done in the market overall to ensure that the vast majority have it in place.
“Given the high frequency of ransomware attacks and the impacts of successful ones such as data and infrastructure loss, many organizations are left with damages that have an effect well beyond IT,” commented Christophe Bertrand, practice director at ESG. “Attackers often go beyond valuable data assets by undermining key infrastructure components and exposing significant gaps, including those in the backup infrastructure itself. IT leaders must understand that the nature of the threat goes well beyond just data and focus on protecting and further leveraging their backup and recovery infrastructure to de-risk and minimize business impact through advanced capabilities.”
“In an environment in which business leaders identify ransomware to be one of the most serious threats to the survival of an organization, it’s imperative that they can achieve the fastest time to protect, detect, and recover from ransomware. That’s the direction we are driving innovation for our customers,” said Caroline Seymour, VP of product marketing at Zerto. “Our real-time encryption detection and air-gapped recovery vault deliver a secure and highly advanced solution that allows IT leaders to protect against threats that go beyond just data. It gives them peace of mind so they can focus on early detection of an attack and an iron-clad recovery infrastructure to de-risk and minimize business impact through advanced capabilities.”
To download the full research e-book, please click here.