New Veeam Research Finds 93% of Cyber Attacks Target Backup Storage to Force Ransom Payment
Organisations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat. According to new data in the Veeam 2023 Ransomware Trends Report, one in seven organisations will see almost all (>80%) data affected as a result of a ransomware attack – pointing to a significant gap in protection. Veeam Software found that attackers almost always (93%+) target backups during cyber-attacks and are successful in debilitating their victims’ ability to recover in 75% of those events, reinforcing the criticality of immutability and air gapping to ensure backup repositories are protected.
The Veeam 2023 Ransomware Trends Report shares insights from 1,200 impacted organisations and nearly 3,000 cyber-attacks, making it one of the largest reports of its kind. The survey examines key takeaways from these incidents, their impact on IT environments and the steps taken, or needed, to implement data protection strategies that ensure business resiliency. This research report encompasses four different roles involved in cyber-preparedness and/or mitigation including, security professionals, CISOs or similar IT executives, IT Operations generalists, and backup administrators.
“The report shows that today it’s not about IF your organisation will be the target of a cyber-attack, but how often. Although security and prevention remain important, it’s critical that every organisation focuses on how rapidly they can recover by making their organisation more resilient,” said Danny Allan, CTO at Veeam. “We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance.”
Paying the ransom does not ensure recoverability
For the second year in a row, the majority (80%) of the organisations surveyed paid the ransom to end an attack and recover data – now up 4% compared to the year prior – despite 41% of organisations having a “Do-Not-Pay” policy on ransomware. Still, while 59% paid the ransom and were able to recover data, 21% paid the ransom yet still didn’t get their data back from the cyber criminals. Additionally, only 16% of organisations avoided paying ransom because they were able to recover from backups. Sadly, the global statistic of organisations able to recover data themselves without paying ransom is down from 19% in last year’s survey.
To avoid paying ransom, your backups must survive
Following a ransomware attack, IT leaders have two choices: pay the ransom or restore-from-backup. As far as recovery goes, the research reveals that in almost all (93%) cyber-events, criminals attempt to attack the backup repositories, resulting in 75% losing at least some of their backup repositories during the attack, and more than one-third (39%) of backup repositories being completely lost.
By attacking the backup solution, attackers remove the option of recovery and essentially force paying the ransom. While best practices – such as securing backup credentials, automating cyber detection scans of backups, and auto verifying that backups are restorable – are beneficial to protect against attacks, the key tactic is to ensure that the backup repositories cannot be deleted or corrupted. To do so, organisations must focus on immutability. The good news is that based on lessons learned from those who had been victims – 82% use immutable clouds, 64% use immutable disks, and only 2% of organisations do not have immutability in at least one tier of their backup solution.
Do not re-infect during recovery
When respondents were asked how they ensure that data is ‘clean’ during restoration, 44% of respondents complete some form of isolated-staging to re-scan data from backup repositories prior to reintroduction into the production environment. Unfortunately, that means that the majority (56%) of organisations run the risk of re-infecting the production environment by not having a means to ensure clean data during recovery. This is why it is important to thoroughly scan data during the recovery process.
Other key findings from the Veeam 2023 Ransomware Trends Report include:
- Cyber-insurance is becoming too expensive: 21% of organisations stated that ransomware is now specifically excluded from their policies, and those with cyber insurance saw changes in their last policy renewals: 74% saw increased premiums, 43% saw increased deductibles, 10% saw coverage benefits reduced.
- Incident response playbooks depend on backup: 87% of organisations have a risk management program that drives their security roadmap, yet only 35% believe their program is working well, while 52% are seeking to improve their situation, and 13% do not yet have an established program. Findings reveal the most common elements of the ‘playbook’ in preparation against a cyberattack are clean backup copies and recurring verification that the backups are recoverable.
- Organisational alignment continues to suffer: While many organisations may deem ransomware to be a disaster and therefore include cyberattacks within their Business Continuity or Disaster Recovery (BC/DR) planning, 60% of organisations say they still need significant improvement or complete overhauls between their backup and cyber teams to be prepared for this scenario.
The full Veeam 2023 Ransomware Trends Report is available for download at https://www.veeam.com/ransomware-trends-report-2023, and as part of sessions at VeeamON 2023, the community event for data recovery experts, taking place online May 22-24 and in person in Miami, Fla. Designed by and built for the backup and recovery professional, attendees will expand their skills, learn how to protect their businesses from ransomware, and share industry knowledge with exclusive content from Microsoft, AWS, Hewlett Packard Enterprise and more. Registration for the in-person event and the virtual option is now open.
About the Report
Veeam commissioned independent market research company, Vanson Bourne, to conduct a survey of 1,200 unbiased IT leaders regarding the impact of ransomware within their environments, as well as their IT strategies and data protection initiatives moving forward. All survey respondents suffered at least one successful cyber-attack in 2022. Respondents represented organisations of all sizes from 14 different countries in APJ, EMEA and the Americas.
For more information, visit https://www.veeam.com.
“The Middle East region has one of the most ambitious digital transformation and evolution plans in the world, with digital excellence and competitiveness core to that ambition. However, digital transformation comes with the risk of increased cyber threats, especially ransomware attacks. Veeam’s latest Ransomware Trends Report 2023 reveals the reasons why cybersecurity policies cannot be ignored and why they should be implemented across all organisations, regardless of size or industry. Any company, independent of its specialisation, is a technology company today. Fast recovery from secure, immutable backups is the best line of defence against ransomware attacks. Veeam has the knowledge, expertise, and platform to deliver peace of mind and resiliency to our customers. Our technologies and solutions mean they can be confident that their data is always secure and quickly recoverable, while providing the freedom to protect all data, across any workload or environment with zero lock-in.”
- Mohamad Rizk, Regional Director, Middle East & CIS at Veeam
“Our channel partners can play a big role in helping customers choose and implement the right cyber preparedness strategy within their organisation, starting by spreading awareness around the “remediation” part. It is important to recognise that cyber preparedness is not limited to ‘detection and prevention’ only. That being said, it is known that any data security strategy cannot be complete without the integration of a powerful and reliable data protection solution that ensures that customers have enough copies of their data, and they can recover all their workloads instantly anytime and anywhere. With the right skills and competencies, our channel partners can step-in to provide a wide spectrum of services, starting from advisory services to help their customers avoid costs related to data loss, downtime or ransoms, all the way to professional services to ensure their customers’ environments are fully protected and their business is always running.”
- Kinda Baydoun, Regional Manager Channel and Alliances, Middle East & CIS at Veeam