Ransomware improvement plans plan

Nearly 40% of companies surveyed do not have a ransomware strategy that focuses on recovery.

  • 2 years ago Posted in

Zerto has released findings from its 2022 Ransomware Strategy Survey conducted at VMware Explore US in August/September 2022. The research revealed gaps in companies’ data protection and ransomware strategies that they will want to address to reduce their risk of interrupted business operations in the event of a ransomware attack.

The lack of focus on recovery endangers business operations in the face of ransomware attacks

As found in a recent IDC report sponsored by Zerto, the impact of ransomware attacks is extensive. The cost to people can be high with employee overtime, lost employee productivity, the direct cost of recovery (i.e., the engagement of consultants or specialists), and unrecoverable data being notable issues. However, there are even more significant impacts like lost revenue, damaged company reputation, and permanent loss of customers.

That is why cyberthreats are part of most businesses' high-level strategy. However, the way in which organisations prepare to combat those threats varies. Only half of the companies surveyed focus on both recovery and prevention. This indicates that a holistic view is far from the norm amongst those surveyed. Interestingly, over a third of respondents (37%) do not have a strategy in place that focuses on recovery. They either have a sole focus on prevention or, alarmingly, have no formalised strategy in place yet (8.7%). This is dangerous because, as ransomware actors become more capable of impounding data, businesses will suffer if they can’t get back up and running immediately on their own behalf. 

Creating a more holistic ransomware strategy

Ransomware can be combated with proper recovery strategies, but not all companies have a formalised recovery strategy in place. The report shows that companies are reevaluating their data protection and cyber resilience strategies. In the survey, 66.8% deem their strategy in need of further examination; meanwhile, 20% are satisfied with the plans in place. 

It’s notable that two-thirds of respondents indicated they are reviewing the strategy they have in place—especially considering the current cyberthreat landscape. This may signal that prevention is not enough and that legacy data protection is failing. As companies reevaluate their strategies, those that haven’t yet put a focus on recovery will benefit by leaning in the direction of continuous data protection, which offers a continuous stream of recovery checkpoints that allow them to rewind to a time within seconds prior to an attack.

“In an era of relentless cyberthreats, strategies to combat attacks can’t remain idle, and they must be multidimensional,” said Caroline Seymour, VP of product marketing at Zerto. “Cyber attackers have proven that they can breach fortified security structures, so companies need a plan in place for what to do once bad actors are in. If the goal is to keep business running and operating, a recovery strategy is required. It’s positive that many companies have multifaceted strategies in place, but completely protecting the business requires recovery capabilities.”

Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
Falcon platform will deliver complete protection against identity-based attacks across hybrid cloud...
95% of UK businesses said they were negatively impacted by supply chain cyber breaches within the...
Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform...
NTT DATA’s new Managed Detection & Response service powered by Palo Alto Networks Cortex XSIAM...
SPG is enhancing its cybersecurity capabilities in a new partnership with Saviynt, a leading...