While ransomware isn’t a new cybersecurity threat, it’s certainly one of the fastest-growing ones. The overall scope of ransomware has also grown in the past year. Attacks hit supply chains, causing more widespread damage than an attack against a single individual. There has also been an increased response from governments to help mitigate the effects of ransomware attacks.
To better understand ransomware’s impact, we recently co-sponsored research conducted by Enterprise Strategy Group (ESG), an analyst firm that provides market intelligence to the global IT community. Published earlier this week, ESG’s report, “The Long Road Ahead to Ransomware Preparedness,” examines the pervasiveness of ransomware, its impact on organizations, and the steps companies are taking to mitigate its effects. Compiled from responses from over 600 respondents, the report also provides unique insights into what separates companies who are most prepared for ransomware threats from companies who are at greater risk.
Here are the findings from the report we found particularly interesting:
At this point, there’s little debate that the overall number of ransomware attacks is growing. But how often are these attacks having a material impact on their targets? According to the research, pretty often.
A staggering 79% of respondent organizations surveyed stated that they had been targeted by ransomware in the past 12 months.¹ Of those organizations, nearly three quarters said the attack was successful, meaning that it disrupted business operations. And it’s not just the ransomware payments that are affecting companies. The negative effects of ransomware attacks can be felt through data exposure, data loss, reputation damage, compliance exposure, third-party liability, and more.
Once an organization becomes aware of a ransomware attack, they then must decide whether or not to pay the ransom to secure their data. Theoretically, if you pay the ransom, the attackers will provide a decryption tool and withdraw the threat to publish stolen data. However, payment doesn’t guarantee all data will be restored, and the research backs this up.
Of the companies that said they paid a cyber ransom to regain access to their data, applications, and/or systems after an attack, a mere 14% were able to recover all their data.¹ Even worse, 87% of those respondents said that they experienced additional extortion attempts beyond the initial ransomware demand.¹ These findings make clear that organizations cannot rely on ransomers to recover their data. Instead, they must have a proactive solution in place to be able to swiftly recover from an attack should one occur.
According to an oft cited study by Gartner, 99% of cloud security failures and resulting data loss will be the customer’s fault through 2025. Careless employees, lax permissioning, social hacking, insider threats, poor physical security controls and other vulnerabilities are far more likely to result in data loss than attacks on the SaaS provider.
Given that trend, it’s no surprise that ESG research found that 31% of respondent organizations targeted by ransomware indicated that application user and permission misconfigurations were the initial point of compromise.¹ This is why experts strongly recommend organizations implement the “Principle of Least Privilege,” which states that users and programs should only have the necessary privileges to complete their tasks.
Most organizations have dozens—if not hundreds—of SaaS solutions across their enterprise today. If your business operations depend on Salesforce, for example, you can’t replace it with an on-premises version of Salesforce; it doesn’t exist. And as more and more organizations turn to SaaS, it’s only a matter of time before ransomware attackers do as well.
When ESG asked respondents which components of their IT environment were impacted by ransomware attacks, nearly one third included SaaS applications in their response.¹ Other impacted components included on-premises data, storage systems, key IT infrastructure, on-premises business applications, and several others.
When it comes to mitigating the impacts of a ransomware attack, your backups play a key role, enabling you restore data to its prior state. But because of their value, backups are also prime targets for ransomware infection, with malicious actors hoping to maximize their leverage and damage to continuity. 87% of respondents surveyed said they are very or somewhat concerned about their backups being infected.¹
When it comes to your backups, not all methods are designed to help you fully recover from a ransomware attack. In order for your data to remain accessible in the event that ransomware has infected production systems, backups must be stored on separate infrastructure from the production data. This is to prevent the spread of the ransomware to the backups that would compromise them as well.
If it wasn’t already, it’s clear from this new research that ransomware is a threat against which every organization should protect itself. Now is the time to secure your SaaS data from these threats—before the next ransomware attack impacts you.
By enacting a plan focused on both the key elements of automated backup and recovery, as well as SaaS security posture management, you can better prepare for ransomware attacks and lessen their impact to your business.
To learn more about this research, download the entire report here.
¹Source: ESG Research Report, The Long Road Ahead to Ransomware Preparedness, March 2022.