DUBAI, UAE — Despite years of preventative measures and evolving technology, ransomware events continue to increase in both size and scope. In fact, over time, they will become even more pervasive in our everyday lives. The cyberthreat is growing, especially as generative AI tools become more powerful. Meta announced an increase in malware aided by ChatGPT. Emerging technologies will only make ransomware more prolific – and there’s no way to stop them.
The Veeam 2023 Data Protection Trends Report found that 85 percent of organizations were hit at least once by a cyberattack – up from 76 percent in last year’s study. What’s more, some organizations that believed they did not experience a ransomware event may simply not have known they were under attack. Businesses need to stop viewing ransomware as an unexpected and chaotic occurrence. It is here to stay, much like an endemic, and your business will be impacted by it at some point. It’s not a matter of if, but when and how often.
Some experts tout cyber insurance as a panacea for ransomware. However, cyber insurance doesn’t cover the unseen cost of downtime your business experiences after an event – and it also doesn’t recover your lost data. Cyber insurance is certainly part of a well-rounded cybersecurity strategy, but it’s not the be-all and end-all. The EMEA results of our 2023 Ransomware Trends Report show that insurance policies are increasing in price and potentially decreasing in coverage. Those organizations with cyber insurance saw significant changes in their last policy renewals: 81 percent saw increased premiums, 38 percent witnessed increased deductibles, and 3 percent saw coverage benefits reduced.
So how do we ensure the world can live safely within it? The answer is for businesses to achieve endemicity, where a large proportion of the population is unsusceptible to infection.
According to the Veeam 2023 Ransomware Trends Report, 45 percent of production data will be affected by a cyberattack on average. For companies that paid a ransom to recover lost data, only 66 percent of affected data was recoverable. Basic math tells us that around 15 percent of an organization’s production data is then unrecoverable after a ransomware attack.
Paying the ransom doesn’t guarantee data can be restored, but it does set a precedent that a cyber attacker will exploit, making any company that pays up a future target. That’s why it’s important to invest in a strategy that ensures data protection and ransomware recovery as standard.
A solid Data Protection and Ransomware Recovery strategy includes several components, summarized below:
Data Identification and Flow Management: Identify and classify the organization’s data, understanding how it flows from source to destination. This reveals priorities and dependencies that inform data protection strategy.
Data Risk Management: Identify risks and threats that might affect data assets, listing and classifying them, and designing measures to minimize and mitigate them.
Data Protection Policies and Procedures: Document and regularly audit data protection activities, ensuring protection from core to edge.
Cybersecurity Management: Utilize a wide range of security technologies, such as antivirus, firewalls, backup, replication, and physical/perimeter security systems.
Confidentiality, Integrity, Availability (CIA triad): A model designed to guide information security policies within an organization.
Data Access Management Controls: Define and implement policies that identify access levels for internal and external users to data, following the principles of least privilege and segmentation of duties.
Monitoring and Review: Implement real-time monitoring, comprehensive reporting, and automated remediation systems.
Thus, a comprehensive Data Protection and Ransomware Recovery strategy ensures that you’re protected, and resilient in the event of a ransomware attack and is the only way to make your business is immune to its impacts.
Mohamad Rizk is Regional Director, Middle East & CIS at Veeam Software.
The opinions expressed are those of the author and may not reflect the editorial policy or an official position held by TRENDS.