| | |
|
| |
| | |
|
|
| | |
|
5 Key Takeaways from New 2023 Ransomware Trends Report
- Have Clean Backup Copies and Verify Recoverability – The most common element of an incident response playbook is a good backup. That means having “clean” backup copies with data that is survivable against attacks and does not include malicious code. Then test and verify that the backups are recoverable. Best practices these days are to follow a 3-2-1-1 rule, namely 3 copies of data, 2 different media types to store backups, 1 offsite location to store backups online, and 1 offsite location to store backups offline. As the Veeam study suggests, better make that 3-2-1-1-0, where the 0 represents the best practice of verifying zero errors or malware code before restoring the backups.
- 80% of Victims Paid The Ransom – While an astounding 80% of victims in the Veeam study reported paying the ransom, 21% of victims still could not recover their data even after paying the ransom because the decryption code didn’t work or was not given at all. This is likely due to the fact that in 77% of the cases, insurance policies were used to pay the ransom, or backups were also affected as detailed in #3 below. Regarding insurance policies as a hedge against cybercrime, the Veeam report shows that 21% of respondents said that ransomware was now excluded from their policies while 74% saw increased premiums, 43% saw increased deductibles and 10% saw reduced coverage benefits.
- Backup Repositories Affected in 75% of Victims – 93% of victims reported that the bad actors went after their backup repositories. 32% reported most or all backups were impacted while 43% said some backup repositories were affected for a total of 75%. Just 18% said the hackers tried, but were unsuccessful in impacting the backup repositories. Only 7% reported no attempt to attack their backup repositories.
- It Takes at Least 3 Weeks to Recover from an Attack – As in any IT-related disaster, it takes time to recover. Recovery from a natural disaster like fire or flood can begin immediately. But recovery from a ransomware attack takes time first to identify which systems were impacted. Then determine if backups are not also infected only to reintroduce the malware. At this point, recovery can begin which typically takes 3+ weeks.
- Tape Still Matters in 2023 – According to the Veeam report, only 16% of victims were able to recover from the attack without paying the ransom. To do that, they had to have recoverable data within their backup repositories which means that the data was immutable or air-gapped. In 2023, it is very achievable for backup data to be immutable across its entire data protection lifecycle, including short-term disk, within BC/DR capable clouds and long-term tape storage. According to the survey, 14% of respondents said they utilize offline air-gapped tape.
While 16% of respondents being able to avoid paying the ransom sounds low, that number will surely rise as the frequency and sophistication of ransomware attacks increase along with the price of ransom payments. A very simple and cost-effective way to do this will increasingly be via tape air gap. According to recent interviews I’ve had with independent cyber security experts (with no stake in the tape business) they say that they recommend tape air gap for this very reason.
We know that new Federal mandates and SEC rules will enforce best practices around cyber security and that the FBI and CISA recommend offsite, offline backups as a hedge against ransomware. We also know that cyber insurance companies want to see offsite, offline backups as part of a comprehensive cyber security plan.
It’s become clear that cybersecurity requires a multi-faceted approach, including regular software patches, frequent password resets, 2-factor authentication, secure networks, and user education to stay safe by avoiding suspicious links and attachments.
Finally, it’s also becoming clear that protecting data with an air gap on highly reliable and cost-effective tape can also contribute to an organization’s ability to effectively protect and recover their assets, avoid paying a hefty ransom, and safeguard their business continuity, reputation and stakeholder trust.
Contact your BackupWorks Account Rep today and
ask about LTO Tape for your Backup and Archive Environment at 866 801 2944
| |
| | |
|
|
|