For today’s enterprises there are just two basic truths: They will generate more data than ever. And it’s only a matter of time that their organizations will get hit by ransomware.
Recent research by TechTarget’s Enterprise Strategy Group (ESG) found that 41% of companies said they were hit at least once by ransomware – and another 32% were targeted more than once.
The ESG report found that in most cases, vulnerable software and misconfigurations are the most common entry points by attackers. Here’s how the numbers break out: 36% of attacks are from application software vulnerabilities, 33% are from system software vulnerabilities, while 31% are from application user permissions and misconfigurations, and another 31% said misconfigurations of externally-exposed devices.
Christophe Bertrand, practice director and a senior analyst at ESG, explained that while most enterprises do a good job at prevention and incident response, very few are well-prepared when it comes to data recovery at scale.
In fact, out of the four stages of data recovery readiness that ESG outlines, only 15% are at Stage 4, the most prepared stage. And while only 29% are novices, 33% are at Stage 2, and another 23% are at Stage 3.
Bertrand said it’s also important to understand the type of data attackers target. Regulated data tops the list at 55%, then there’s sensitive infrastructure configuration data at 53%, intellectual property data at 49%, and mission-critical data at 44%.
Of real concern to managed service providers (MSPs) working with customers: Only 14% of those surveyed say they recovered 100% of their data after an attack – and 86% were not able to recover all their data.
“This is the reality, this is where the market is, and it’s not a good picture,” said Bertrand. “Many of the issues are software and infrastructure-related. While good hygiene can help, companies still have to be ready for more than just an end-user mistake. Therefore, MSPs have to put their customers in a position to recover data.”
Hitachi Vantara and its MSP partners highly recommend that companies deploy an air-gapped network. The ESG survey said that less than one-third of enterprises had air-gapped their networks, meaning that they separated off-site backup and recovery from the production network.
Bertrand said the ESG survey also asked enterprise security pros to name their top priorities when considering backup and recovery products, with data encryption, ability to protect SaaS data, ability to protect endpoints, and ability to recover any port or location as top priorities.
Hitachi Vantara MSP DI Sales pointed out that in a recent deployment with a customer, the HitachiVantara storage and backup systems with immutable snapshots and triage features recovered 1,500 VMs in 70 minutes – a process that used to take several hours, if not days.
Ready to learn more? Watch the webinar, Proven Strategies for Making Cyber Resilience a Reality with ESG and Hitachi Vantara.
Image Credit: Hitachi Vantara and ESG study