People, process and technology are the triad for cybersecurity strategy. Too often we focus on the technology portion and struggle to respond when failures occur or attacks are successful. Too often there’s confusion and delay because processes aren’t documented, teams are siloed and possibly in conflict or, worse, assumptions are made regarding responsibility. In a world of modern attacks like ransomware, this turns into real dollars due to downtime and data loss.
The good news, as shown by this year’s Veeam Data Protection report, is that the convergence between IT teams and their processes is continuing to evolve, as reported by nearly 3,400 IT leaders across 28 countries. The independent survey (respondents were not limited to Veeam customers) was conducted by analysts at Vanson Bourne. Two of the authors of the report recorded a short 4-minute video on the cybersecurity insights from the report.
One of the best nuggets in the research is that 88% of organizations have a direct alignment between the cybersecurity and disaster recovery (including data backup) teams. It’s been a long time coming even though the alignment seems so obvious. Unfortunately, backup and recovery has often been assumed to simply be available; and assumptions cost money when all your systems are down.
This is exciting because the more integrated the different IT functions are, the faster you’ll be able to respond when an incident occurs. The better alignment between teams also implies organizations are maturing their cybersecurity strategies to look at attacks holistically, which would allow for more proactive security processes. That said, we shouldn’t get too focused on the next big attack, because the 2022 Data Protection report also reminds us that old-school tactics are still very successful. Spam (17%), malicious links (25%), and credential compromise (23%) accounted for 65% of all ransomware attacks in our study. These are frustrating statistics, since they’ve been the top issues for years. While there’s no easy fix, continued user education, multi-factor authentication, and providing users with a password manager can go a long way toward reducing the risk.
So, let’s say you’ve done everything right but still suffered an attack. It’s a common mantra to say “don’t pay the ransom,” and there’s an assumption that you can “just” recover from your backups, but it’s not that easy. If it were, no one would ever pay the ransom. When respondents were asked about their ability to recover data, 64% said they were able to recover less than 80% of the data. By coincidence, the average amount of data that was recovered was also 64%. Put another way, companies lost an average of a third (36%) of their data due to a successful ransomware attack. While the survey didn’t get specific as to why the data was lost, one can assume there were several factors, from corruption during the backup job to backed-up data being deleted during the attack. No matter how the data was lost, it becomes part of the equation used to justify paying the ransom.
So, where do you go from here? First, keep bringing different parts of the organization together to be part of the solution. The alignment between cybersecurity and infrastructure teams is fantastic because it shows that security has moved from being the team that says “no” to ensuring the business says “yes” securely. Realizing that a cyberattack like ransomware is similar to a physical disaster like a fire or flood is also a step forward. Second, enablement for end users and documented incident procedures let everyone know their role and how to respond. Both of these are people- and process-based and are probably the hardest to do. Finally, regular testing of the disaster plans needs to be performed. This includes tabletop exercises and technical penetration testing so you can find the mundane weak spots and either eliminate them or add a compensating control, with documentation, so you know where to watch for the next attack. Because let’s face it, the next attack is already on its way.
There was a lot more in the research report beyond the latest cybersecurity statistics and insights, so check out the other blog posts in this series for additional insights and findings, and don’t forget to download the full report.
- Part 1: What is driving change & what are organizations looking for moving forward
- Part 2: What do Hybrid and Multi-Cloud architectures look like and how does that affect your data protection strategy
- Part 3: Data Protection Trends in Public Sector
- Part 4: What does “Enterprise Backup” mean in 2022?
- Part 5: Data Protection Trends in Healthcare
- Part 6: Alignment of Backup within Cyber Preparedness
- Part 7: Real-World Statistics on Downtime and Data Loss in 2022
- Part 8: What should BC/DR look like in 2022?
- Part 9: What is driving Data Protection Strategies in Financial Services and Insurance for 2022
For questions on the research, email StrategicResearch@veeam.com or ping Jason (@JBuff) or Dave Russell (@BackupDave) to let us know how this research aligns with your organization’s data protection goals for 2022.