Organizations of all sizes are increasingly victims of ransomware attacks and according to the report data Veeam 2023 Ransomware Trends Report93% of them go to Backup storage.
The study indicates that more than 80% of companies will be affected by a ransomware attack, which points to a significant gap in protection. Veeam Software revealed that attackers almost always attack backups during cyberattacks and succeed in weakening the resilience of their victims in 75% of cases, reinforcing the importance of immutability and air-gapping to ensure security. protection of backup repositories.
Veeam’s 2023 Ransomware Trends Report shares information on 1,200 affected businesses and nearly 3,000 cyberattacks, making it one of the largest reports in its class. The survey examines the key takeaways from these incidents, their impact on IT environments, and the steps taken or required to implement protection strategies to ensure business resiliency. This research report covers four different roles involved in cyber preparedness and/or mitigation: security professionals, CISOs or similar IT executives, IT operations generalists, and backup administrators.
“The report shows that today it is not a question of if your organization will be the target of a cyber attack, but how often. While security and prevention remain important, it is critical for every organization to focus on how quickly they can recover by making their organization more resilient.“, recognize Danny Allan, CTO of Veeam. “We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing of both raw and backup data, ensuring the survival of backup solutions, and alignment of security teams. backup and cyber for a unified stance.”
Paying the ransom does not guarantee recoverability
For the second year in a row, the majority (80%) of organizations surveyed paid the ransom to end an attack and recover their data, now 4% more than the previous year, despite 41% of organizations having a “no pay” ransomware policy. Even so, while 59% paid the ransom and were able to recover data, 21% paid the ransom but did not recover their data from cybercriminals. Furthermore, only 16% of organizations avoided paying a ransom because they were able to recover thanks to backups. Unfortunately, the global number of companies able to recover data themselves without paying ransom is down to 19% since last year’s report.
To avoid paying a ransom, backups must survive
After a ransomware attack, IT leaders have two options: pay the ransom or restore from backup. Regarding recovery, this research reveals that in almost all cyberattacks (93%), criminals attempt to attack backup repositories, resulting in 75% losing at least some of their backup repositories during the attack, and more than a third (39%) of backup repositories are lost entirely.
Attackers attack backup systems during cyberattacks and manage to weaken their victims’ ability to recover in 75% of cases
By attacking the backup solution, the attackers remove the recovery option and essentially force the ransom to be paid. Some best practices, such as protecting backup credentials, automating cyber-scan scans of backups, and automatically verifying that backups can be restored, are beneficial in protecting against attacks. However, the key tactic is to ensure that backup repositories cannot be deleted or corrupted. To do so, companies must focus on immutability. The good news is that based on lessons learned from those who had been victimized: 82% use immutable clouds, 64% use immutable disks, and only 2% of organizations do not have immutability in at least one level of their security solution. backup.
Don’t get reinfected during recovery
When respondents were asked how they ensured data was “clean” during restore, 44% of respondents completed some sort of isolated test to rescan data from backup repositories before reintroducing it into the environment of production. Unfortunately, that means the majority (56%) of organizations risk reinfecting the production environment by not having a means to ensure clean data during recovery. That is why it is important to thoroughly scan the data during the recovery process.
Other key findings from the 2023 Ransomware Trends Report include:
- Cyber insurance is getting too expensive: 21% of organizations stated that ransomware is now specifically excluded from their policies, and those with cyberinsurance saw changes in their latest policy renewals: 74% saw premiums increase, 43% saw deductibles increase , 10% saw reduced coverage benefits.
- Incident response tactics depend on backup: 87% of organizations have a risk management program driving their security roadmap, yet only 35% believe their program is working well, while 52% are looking to improve their situation and 13% does not yet have an established program. The findings reveal that the most common items in cyberattack “playbooks” are clean backups and recurrent verification that backups are recoverable.
- Organizational alignment continues to suffer: While many organizations may view ransomware as a disaster and therefore include cyberattacks in their Business Continuity or Disaster Recovery (BC/DR) planning, 60% of organizations say they still need significant improvements or hotfixes between your backup and cyber teams to be prepared for this scenario.
