The survey found that traditional ransomware defenses are failing, with 54% of all victims having anti-phishing training and 49% having perimeter defenses in place at the time of attack. Citing this and other findings from the survey—including the widespread impact of the attacks and the average financial costs totaling over $400,000—the report calls for organizations to focus greater attention on putting systems in place that enable quick data recovery in the event of an attack, without paying ransom.
We sat down with Jon Toor, CMO of Cloudian, to discuss this latest report and what organizations need to do to prepare for this new wave of ransomware.
Why is ransomware so prevalent today?
Cybercriminals know that organizations everywhere are increasingly dependent on their data, making it an ideal target for an easy payday. In addition, the shift to more remote working and learning during the COVID pandemic has created security vulnerabilities that make it easier for ransomware to penetrate. Finally, the emergence of ransomware-as-a-service has enabled criminals with little or no technical background to capitalize. As ransomware attacks continue to rise without any signs of slowing, it’s clear that a new approach is needed to stop them.
How has ransomware preparedness changed over the last 6 months with the increase in attacks?
The increase in ransomware attacks has highlighted the fact that traditional defenses are failing. In our survey, 54% of all victim organizations had anti-phishing training and 49% had perimeter defenses in place at the time of attack, yet ransomware was still able to penetrate. As a result, there’s growing recognition of the need to take a more comprehensive approach, one that assumes ransomware will get in and focuses greater attention on ensuring data is protected at the storage level such that it can be quickly recovered in the event of an attack. One of the best ways to do so is having an immutable – or unchangeable – data backup copy. Immutability prevents hackers from encrypting or deleting the data, thereby enabling victims to recover that data without having to pay ransom. More than 100 customers have adopted our data immutability solution, called S3 Object Lock, over the past year.
What surprised you most about the report's findings?
To a great extent, the survey confirmed much of what we’ve been hearing from enterprises and service providers. However, I think many of your readers would be surprised by some of the findings, such as:
65% of respondents that reported phishing as the entry point for the ransomware attack had conducted anti-phishing training for employees.
56% said that attackers were able to take control of their data and demand ransom within just 12 hours, and another 30% said it happened within 24 hours.
The 55% that chose to pay ransom – at an average cost of $223,000 – also incurred an average of $183,000 in additional costs related to the attack.
On average, cyber insurance covered only about 60% of the ransomware payment and other costs incurred by those that paid ransom, presumably reflecting deductibles and coverage caps.
What can organizations do to ensure they are prepared for ransomware?
Having a comprehensive cybersecurity strategy has never been more crucial. This means not only ensuring that you have robust, up-to-date perimeter defenses but also employing data immutability technology to protect your data at the storage level for quick and easy recovery in the event of an attack. As previously mentioned, immutability prevents data from being deleted or altered by ransomware.
By empowering victims to recover data and restore normal operations without paying a ransom, data immutability also helps break the cycle of payments financing more ransomware attacks. Stopping ransom payments is the surest way to stop ransomware attacks.
In addition, for organizations that have cyber insurance coverage, implementing data immutability can help them obtain ransomware coverage, help ensure that an insurance claim will be covered (e.g., some insurers may refuse to pay claims if organizations have not adequately protected their data) and possibly qualify them for a discounted rate.