Rampant ransom payments highlight the need for urgent action on cyber resilience

A staggering 69% of organizations reported paying ransoms this year, according to research from Cohesity, with 46% handing over a quarter of a million dollars or more to cybercriminals. It is not at all the picture of resilience that is often painted by the industry. It is clear that there is a disconnect between cyber resilience policy and operational capacity that urgently needs to be addressed.

With the advent of Ransomware-as-a-Service platforms and the current global geopolitical situation, organizations face a huge existential threat through destructive cyberattacks that can bankrupt them. This gap between trust and capability needs to be addressed, but to do so, these organizations need to first recognize that there is a problem.

According to the 2024 Global Cyber Resilience Report, which surveyed 3,139 IT and security operations (SecOps) decision makers, despite 77% of companies having a “no pay” policy, many found themselves unable to respond and recover from attacks without giving in. in ransom demands. Additionally, only 2% of organizations can recover their data and restore business operations within 24 hours of a cyberattack – despite 98% of organizations saying their recovery goal was one day.

This clearly indicates that current cyber resilience strategies are not working when it matters most. Enterprises have set ambitious recovery time objectives (RTOs), but are far from building the adequate, effective, and efficient threat investigation and mitigation capabilities needed to safely rebuild and recover. Most organizations treat a destructive cyberattack like a traditional business continuity incident, such as a flood, fire or loss of electricity – recovering from the last backup and bringing back all vulnerabilities, gaps in prevention and detection, as well as security mechanisms. persistence that caused the incident in the first place. The gap between these goals and actual capabilities is a ticking time bomb, leaving companies vulnerable to prolonged downtime and severe financial losses.

Equally alarming is the widespread neglect of zero trust security principles. While many companies tout their commitment to protecting sensitive data, less than half have implemented multi-factor authentication (MFA) or role-based access controls (RBAC). These are not just best practices; they are essential safeguards in today’s threat landscape. Without them, organizations leave the door open to both external and internal threats.

As cyber threats continue to evolve, with 80% of businesses now facing the threat of AI-enabled attacks, the need for a robust, modern approach to data resilience is more urgent than ever. However, the continued reliance on outdated strategies and the inability to adapt to new threats sets the stage for even greater risks. It’s not even a question of complacency.

james blake

Global Head of Cyber Resilience Strategy at Cohesity.

Build trust or create false hope?

With 78% of organizations saying they are confident in their cyber resilience capabilities, this infers that a lot of work has already been done in creating the process and technology to not only isolate attacks, but also have the ability to recover with reliable responsiveness. to investigate, mitigate threats, and recover. This would be great if it were true, but we are seeing a real disconnect between perception and reality when it comes to cyber resilience.

This is a big concern. The financial impact of these failures is not limited to ransom payments alone. The true cost of inadequate cyber resilience goes far beyond the immediate outlay. Prolonged downtime, loss of customer trust, criminal prosecutions for false attestations about the quality of security controls or paying ransoms to sanctioned entities, brand damage, and skyrocketing cyber insurance premiums are just a few consequences that can harm a company. organization. It’s a sobering reminder that investing in and pre-testing robust cyber resilience measures is far more cost-effective than dealing with the consequences of a successful attack.

Furthermore, the report reveals that only 42% of organizations have the IT and security capabilities to identify sensitive data and comply with their regulatory requirements. This deficiency exposes companies to significant fines and undermines their ability to prioritize the protection of the very data that is the lifeblood of their organization and subject to regulatory obligations.

With the expected rise of AI-enhanced cyberattacks adding another layer of capability to cyber adversaries, organizations with traditional defenses will have their work cut out. They are no match for these effective and highly efficient threats, which can adapt and evolve faster than most organizations can respond. Organizations need AI tools to combat these emerging AI-driven threats.

Identify a problem to solve a problem

Ultimately, the report reveals opportunities for improvement. There are people, processes and tools to reverse these trends and close gaps to strengthen cyber resilience. Still, organizations need to understand where they currently stand with resilience and be honest with themselves.

The right workflow collaboration and platform integration between IT and security needs to be developed before an incident. Organizations must engage in more realistic and rigorous threat modeling, attack simulations, exercises and testing to understand their strengths and weaknesses. This can ensure that the response and recovery process is effective and that all stakeholders are familiar with their roles during an incident or can identify deficiencies and areas for improvement.

Additionally, automated testing of backup data can verify the integrity and recoverability of backups without manual intervention. This automation helps ensure that backups are reliable and can be quickly restored when needed.

Finally, maintaining detailed documentation and recovery manuals helps ensure everyone knows their responsibilities and what steps to take during an incident. These playbooks should be updated regularly based on changes in adversary behavior and the results of tests and exercises.

And that’s just the beginning. To fully reduce operational risk, a transition to modern security and data management processes, tools, and practices is necessary. Perhaps then we will see a reduction in ransom payments and a confidence in cyber resilience built on reality.

We rank the best identity management software.

This article was produced as part of TechRadarPro’s Expert Insights channel, where we showcase the best and brightest minds in technology today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro