Report: 76% of Orgs Faced Ransomware Attacks in 2021
More than two thirds of enterprises experienced at least one ransomware incident last year, according to security vender Veeam.
The company's latest data report, titled 2022 Data Protection Trends studied wordwide organizations and found the following security trends:
- 76 percent of organizations had at least one ransomware attack last year.
- 36 percent of data on average was unrecoverable after a ransomware attacks.
- 51 percent of organizations had outages caused by ransomware. And for the second year in a row, cyberattacks caused the most outages.
"Ransomware is a disaster -- and an almost guaranteed threat that every organization must prepare for," said the backup, recovery and data management specialist. The company conducted the survey to quantify the shifts in overall concerns/goals and strategies for data protection, as well as gain an understanding of the current market landscape on data protection, disaster recovery, cybersecurity/ransomware and containers.
"88 percent of organizations believe their cybersecurity strategies are completely or mostly integrated with their BC/DR strategy," the report says. "That reinforces the recognition that ransomware is a disaster, and that most industry organizations understand this point. While 3 in 4 organizations (76 percent) have suffered at least one attack, 24 percent have either not been attacked or they are not aware of it yet." Of those attacked:
- 42 percent were user actuated, meaning they clicked on a malicious link, often from a spam email
- 43 percent were due to a lack of diligence from an administrator (patches, credentials, etc.)
"On average, organizations were only able to recover 64 percent of their data -- meaning that over 1/3 of data is typically unrecoverable, according to 1,376 unbiased organizations surveyed," the report says. However, 36 percent of respondents recovered more than 80 percent of their data.
Veeam offered up this list of key findings of the report:
- Businesses have an availability gap: 90 percent of respondents confirmed they have an availability gap between their expected SLAs and how quickly they can return to productivity. This has risen by 10 percent since 2021.
- Data remains unprotected: Despite backup being a fundamental part of any data protection strategy, 18 percent of global organizations' data is not backed up -- therefore, completely unprotected.
- Human error is far too common: Technical failures are the most frequent cause of downtime with an average of 53 percent of respondents experiencing outages across infrastructure/networking, server hardware and software. 46 percent of respondents experienced cases of administrator configuration error, while 49 percent were hindered by accidental deletion, overwriting of data or corruption caused by users.
- Protecting remote workers: Only 25 percent of organizations utilize orchestrated workflows to reconnect resources during a disaster, while 45 percent run predefined scripts to reconnect resources running remotely in the event of downtime and 29 percent manually reconfigure user connectivity.
- Economic drivers remain critical: When asked about the most important factors when purchasing an enterprise data solution, 25 percent of IT leaders are motivated by improving the economics of their solution.
After detailing data about ransomware and other cyberattacks learned over the last year, the company offered its own perspective.
"Using best practices for off-site or air-gapped backup copies should be part of every DR plan," the company said. "Veeam recommends that there should be three copies of important data, on two different types of media, with at least one of these copies being off site, air gapped, offline, or immutable. Disaster recovery (DR) testing should also be a priority to ensure data was backed up without errors and was free from malware, ensuring all data can be recovered successfully. To learn more about successful ransomware recovery and the 3-2-1 Rule, click here."
Other key takeaways from the report include:
"Hybrid" is normal and here to stay: With over 8,000 data points from three consecutive years, "the new normal" for modern IT is approximately 50/50 between on-premises servers and cloud-hosted servers:
Within the datacenter , there is a consistent expectation for both physical and virtual platforms.
Within cloud, there is a healthy mix of using both hyperscale and MSP-hosted infrastructures.
Two key takeaways from these trends:
- The datacenter is not dead nor dying. There are as many good reasons to run a workload on premises as cloud-hosted.
- Your data protection strategy needs to accommodate physical, virtual and multiple cloud-hosted options.
Organizations are looking for "better" data protection: When considering the top six drivers for change, three banded trends occur:
- Qualitative improvement -- Reducing RPO (data loss), reducing RTO (downtime), and enhancing reliability all equate to data protection that simply "works."
- Increased value -- Changing CapEx to OpEx reduces initial investment, thereby relieving short-term budgets, while improving ROI/TCO increases the value of what is being spent.
- Modern capabilities -- Moving from a legacy backup to one that leverages cloud services or is cloud-powered, along with utilizing tools that accommodate an increasingly diverse (and likely cloud-hosted) range of production capabilities.
Modern is cloudy, integrated and automated: The most common and important aspects of modern/innovative data protection are all "cloudy" -- including DRaaS, IaaS/SaaS protection and the ability to move workloads between clouds. Beyond cloudy-ness,
- Backup cannot be its own isolated endeavor any more than cyber-preparedness can. Instead, backup should be included as the remediation component within any ransomware strategy.
- Backup should also not be an afterthought to production. When workloads are first provisioned, that is the time to define a workload's data protection requirements. Similarly, as SaaS platforms are brought online (prior to migration or adoption), the backup mechanisms should be enabled.
The gap between what business units expect and what IT can deliver continues to widen, as tracked for the past five years in this project: For 2022:
The rationale is most likely due to the rising criticality of more workloads. But there is an obvious corollary between the top change drivers of improving RTO (availability), RPO (protection) and reliability -- versus these perceived "gaps."
- 90 percent of organizations have an "availability gap" between the SLAs expected and how quickly IT can return to productivity.
- 89 percent of organizations have a "protection gap" between how much data they can afford to lose and how often data is protected.
"As cyberattacks become increasingly sophisticated and even more difficult to prevent, backup and recovery solutions are essential foundations of any organization's Modern Data Protection strategy," said Danny Allan, CTO at Veeam. "For peace of mind, organizations need 100 percent certainty that backups are being completed within the allocated window and restorations deliver within required SLAs. The best way to ensure data is protected and recoverable in the event of a ransomware attack is to partner with a third-party specialist and invest in an automated and orchestrated solution that protects the myriad datacenter and cloud-based production platforms that organizations of all sizes rely on today."
David Ramel is an editor and writer for Converge360.