The gap between perceived preparedness and the reality of a ransomware incident may be far wider than many think.

Many see backups as a first line of response, when in reality a more comprehensive approach to security is necessary.

The value of specialized expertise in cybersecurity is evident, but finding and retaining security expertise is difficult.

Ransomware has become one of the most widespread and most serious cyberthreats facing organizations.

More than half (58%) of respondent organizations have increased their spending on services and technology for backups as a result of the ransomware threat, according to 451 Research’s Voice of the Enterprise: Storage, Data Management & Disaster Recovery 2022 survey. But backups are only part of the solution. A comprehensive strategy for countering the ransomware threat must embrace both proactive and responsive elements of security planning, deployment and operations to build resilience, thwart attempts, detect threats and mitigate their impact. Ransomware attacks are systematic, typically manifesting in a methodical sequence of reconnaissance, initial penetration, lateral movement, data exfiltration and encryption that ultimately results in extortion or payment. An underground economy, with specialists serving each aspect of an attack, has arisen to serve a market fueled by the lucrative financial payouts. To defeat this threat, defenders must show the same level of systematic consistency and expertise in their approach.

Meeting the Ransomware Challenge

451 Research explores the phases of ransomware attacks and the systematic approach that must be martialed to counter them effectively.

Download the full report where 451 Research explores:

The required aspects of proactive hardening and effective response, and the vigilant intelligence essential to both. The role of security services in helping businesses meet the demands of a professional and systematic approach, by closing gaps in expertise that survey respondents consistently report is hard to find and retain, particularly for organizations not focused on cybersecurity as their primary business.

DOWNLOAD NOW

2022 Pathfinder Report

Key Findings

Almost a third (31%) of 451 Research survey respondents believe that their existing endpoint security measures would interrupt a ransomware attack. About a quarter (24%) say their network security measures would do so.

But among those who had actually experienced a ransomware event, only 13% reported that their endpoint security measures had interrupted the attack, and only 8% said their network security defenses had done so. This indicates that the gap between perceived preparedness and the reality of a ransomware incident may be far wider than many think.

The value of backups, however, seems in line with reality: 34% of all respondents believe restoration from backups would be a primary aspect of response, and 40% of those who had sustained a ransomware event did, in fact, recover through backups.

What is concerning is the proportion who see backups as a first line of response, when a more comprehensive approach to security is necessary not only to thwart attacks, but to ensure the integrity, availability and resilience of backups to recover reliably from an incident.

The value of specialized expertise in cybersecurity is evident in the number of organizations turning to security service providers. Nearly twice as many 451 Research survey respondents in 2021 indicated managed security services in use compared to 2020. Meanwhile, less than half the percentage of respondents reported security services were “not in plan” in 2021 compared to the prior year.

However, this adoption of consistent and reliable security services reflects the ongoing difficulty organizations face in finding and retaining security expertise. Almost three-quarters (72%) of survey respondents in 2021 said that their information security staffing is somewhat to seriously inadequate.

DOWNLOAD FULL REPORT

451 Research