
Lessons Learned From 3,000 Cyber Attacks

We read an incredible report that made us realize that many businesses out there are still failing to take the necessary steps to protect their business against cyber threat actors.

The report speaks to how the attacks affected the organization, what it took to recover from the incident, and how you can prevent an incident in the first place. The survey sought to explore the preparedness and recovery efforts of organizations worldwide that fell victim to ransomware attacks in 2022. With responses from 1,200 unbiased IT leaders across 14 countries, this study sheds light on the challenges faced by organizations in combating cyber threats.

Our strategic partner Veeam did an analysis of the report and shared it with us recently. You can download the report below! The report brought to light so many important things that business leaders need to know.

Download the Report

The survey focused on understanding the consequences of ransomware attacks on organizational environments and explored the strategies and data protection initiatives being implemented to address these threats. While industry analysts projected modest growth in IT spending for 2023, the survey respondents anticipated a higher increase in budgets dedicated to cyber security (prevention) and data protection (remediation).

Surprisingly, despite the recognition of ransomware as a significant disaster, there seems to be a lack of effective collaboration between teams responsible for Business Continuity or Disaster Recovery (BC/DR) planning. The research consistently found that those directly involved in handling cyber events expressed the least satisfaction with team cooperation. What we find remarkable about this finding is that the individuals and teams within an organization really want the same outcome, yet there is a massive internal breakdown when it comes to actually putting a proper strategy in place.

Interestingly enough, when comparing the results of the survey to organizations that Infinite IT supports (more specifically those that have all three of our core offerings: iCare, iSecure, and iComply), we found that those organizations always have a central point that makes decisions around BC/DR, understands the risk that these types of threats pose to the vitality of their company’s future, and has the decision-making power (and the budget) to make the magic happen. It is usually championed by the Operations Lead (i.e. COO, VP / Director of Operations, or whoever the most senior operations person is). With our larger customers, this is championed by the Chief Risk Officer.

No matter the size of our customers (5 to 5,000 employees), risk is risk.

Every company has “an IP address” and threat actors troll IPs to find an opening to get in. It is usually after they are in that they figure out who they have just breached. That means no matter how big or small you think your company is, you are still a target.

Key findings of the report revealed that 87% of organizations have a risk management program driving their security roadmap.

  • However, only 35% of them believe the program is effective (which is approximately 30% of all the respondents).
  • Only 15% of all respondents are actively seeking improvements.
  • Alarmingly, 13% of organizations have yet to establish a risk management program at all.

The shocking statistics here suggest that 15% of organizations have an active strategy and 85% have something that may be ineffective or nothing at all. No wonder threat actors are getting rich and threats are increasing every single day.

The study also identified common elements in the organizations' playbook to prepare for cyber attacks. These include maintaining clean backup copies and regularly verifying their recoverability. However, the data exposed a concerning trend: 80% of respondents admitted to paying the ransom, but 1 in 4 were unable to recover their data even though they paid. That means that 40% of incidents result in permanent loss even if you pay the ransom.

The role that insurance played in dealing with ransomware attacks was also explored. In 2022, 96% of cyber victims had the option to pay the ransom through insurance, with half of the respondents utilizing cyber-specific insurance policies. Some organizations opted for non-cyber-specific insurance or chose not to use insurance at all due to rising costs and limited availability.

As for recovery efforts, organizations faced significant challenges in restoring their data. On average, organizations reported that 45% of their production data was affected by the cyber attacks, with varying degrees of impact across respondents. Disturbingly, only 66% of the affected data was recoverable, resulting in a 15% permanent loss of production data.

What is showcased in this report is the critical role of immutable backup repositories and air gapping in safeguarding against cyber attacks. Only 25% of victims stated that their backup repositories remained unaffected, indicating the urgent need for robust data protection measures. This statistic really makes one think about how their strategy is configured.

Just because you have a strategy does not mean it is the right one.

If 75% of all strategies had their backup repositories affected, chances are most companies are doing it wrong. It is important to make sure your backup repositories are stored offsite and hardened without any way for a threat actor to gain access to the data. Working with a third party that has a solid “tried, tested, proven and true” strategy (such as Infinite IT) is the best way to leverage the strength of an organization that does it for hundreds of other organizations. But don’t just take their word for it: challenge your partner on every aspect of their strategy and be sure they’ve got it right. If they don’t, then move on and find another partner.

When it comes to recovery locations, hosted infrastructure emerged as the preferred choice for organizations, closely followed by managed disaster recovery as-a-service (DRaaS) platforms. This aligns with the growing adoption of cloud repositories as reliable sources for immutable recovery. And don’t be afraid of the word “cloud” when it comes to your backup strategy. All that the word cloud really means in this instance is that you are paying monthly for the storage space you are using (and likely the software licensing that goes along with it), with someone else owning the physical hardware and making sure it works. Anything “hosted” can be classified as “cloud” if someone else owns the infrastructure under it, and in this scenario, you want it to be managed by a third party to increase your level of immutability.

This all sounds complex but can be simplified when working with the right partner. If you want a “sanity check”, are lost, or just don’t know where to start, schedule some time with one of our specialists and we can walk you through the process.
