Hitachi Vantara and Enterprise Strategy Group (ESG) announced the findings of a survey of more than 600 IT and cybersecurity professionals, which revealed that 79% respondents reported a ransomware attack at their company within the last year.
More troubling for organizations is the degree with which these attacks are successful. The survey found that 73% report that they have been financially or operationally impacted by these attacks. As noted in the report, “Every lost bit of data is money and may represent a key transaction that can never be reproduced. Losing data is like throwing money out the window in layman’s terms.”
“Cyber criminals have become more sophisticated over time and are using new and advanced methods to ensure their efforts are successful,” said Christophe Bertrand, practice director, Enterprise Strategy Group.
“For businesses today, the key to combatting this growing threat is to deploy a comprehensive ransomware readiness strategy. Ransomware readiness is a team sport, bringing together IT, security, and data protection groups for a diverse collection of preparedness activities which includes hardware, software and services, as well as insurance, readiness testing, employee security awareness training, playbook development, penetration testing, and more.”
Storage systems or cloud-based data account for 79% of impacted environments in successful ransomware attacks at 40% and 39%, respectively. Complicating matters, the leading point of compromise for attacks is application software vulnerability at 36%, with systems software, application user permissions, misconfigurations of external devices and email nearly equally splitting the remaining share.
“As a business leader, the most critical finding from this report is the discrepancy in potential value loss from a ransomware attack over other downtime events,” said Tom Christensen, global technology advisor and executive analyst at Hitachi Vantara.
“The potential loss of business value is magnified given the increased downtime and difficulty of data recovery, which is why it’s important to not only build resilient infrastructure and applications but to foster a culture of perpetual preparedness throughout the organization.”