Published on November 9, 2023, 6:26 am
As businesses continue to transition towards a more hybrid work model and become increasingly distributed, the frequency of attacks and breaches is expected to rise. The latest Veeam 2022 Data Protection Trends report highlights that out of the 3,393 global organizations surveyed, 76% experienced at least one ransomware attack. Shockingly, 24% of these organizations either avoided attacks or were completely unaware that an attack had occurred. These statistics reveal a significant vulnerability in business security measures.
In Hong Kong alone, cybersecurity firm Fortinet reported an average of over 750,000 monthly ransomware attacks on businesses between April and June 2021. This surge can be attributed to the pandemic and the paradigm shift in working practices that followed. Organizations were caught off guard and ill-prepared to respond to increasingly sophisticated cyberattacks during this period.
The government’s Hong Kong Computer Emergency Response Team Coordination Centre issued an advisory earlier this year, warning that cyberattacks would become more targeted and organized. They anticipated a rise in multiple ransomware and phishing attacks specifically targeting individual industries as the new norm.
According to Veeam’s ransomware research in 2021, only 69% of surveyed organizations (including 200 leading enterprises in Asia Pacific) claimed successful data recovery after an attack. Worryingly, almost half of the affected businesses opted to pay the ransom but found that their data was not restored as promised. In the Asia-Pacific region specifically, one in four organizations who paid the ransom failed to recover their data.
Despite paying a ransom being seen as a potential solution for data recovery, there is evidence suggesting alternatives must be explored. A positive trend emerged from Veeam’s research: 19% of organizations that chose not to pay the ransom were still able to recover their data successfully. This finding emphasizes that paying a ransom does not guarantee data retrieval; rather, more attention needs to be given towards enhancing overall business data protection and recovery strategies.
Backup solutions have become an increasingly critical component of ransomware recovery planning. Surprisingly, 97% of ransomware attacks in Asia Pacific also targeted backup repositories, with a concerning 73% success rate. This data further confirms that conventional backups alone cannot provide foolproof protection against determined attackers.
Modern malware is evolving in such a way that it actively targets the backup layer, making it crucial for businesses to establish processes that prioritize resilience. Veeam strongly advocates for following the 3-2-1-1-0 Rule: having at least three copies of important data stored on at least two different types of media, with one copy stored off-site. This rule ensures that even if one layer of protection is compromised, others remain intact.
As the threat landscape continues to evolve, it is recommended to have at least one copy of critical data air-gapped or stored offline to add an extra layer of defense against ransomware attacks. Additionally, incorporating automated backup verification into the process helps ensure that captured data is valid and usable for recovery. Remember, incorrect backups can be just as useless as no backups at all.
Immutability plays a significant role in safeguarding backup data from disruption. Out of surveyed organizations, only 5% reported having less than one immutable tier within their data protection framework. Many organizations utilize multiple immutable layers to enhance protection levels:
– 74% use cloud repositories with built-in immutability
– 67% rely on on-premises disk repositories with immutability or locking mechanisms
– 22% still utilize air-gapped tape storage
In addition to securing repositories, it is equally vital for organizations to restore clean data back into the production environment reliably. A wise practice followed by nearly half of surveyed organizations involves restoring data to a sandbox or isolated area for safety testing purposes.
Surprisingly, just 46% of organizations worldwide and 41% in Asia Pacific employ this practice of isolation and staged restoring, indicating a gap that demands attention from IT decision-makers.
To effectively combat modern ransomware attacks, an integrated security architecture is required. Such architecture should cover endpoints, networks, and cloud environments to detect, correlate, and remediate attacks holistically. When it comes to remediation options post-attack, organizations are left with only two choices: paying a ransom or restoring from backups.
However, it is important to recognize that the process of “restoring from backup” is not as simple as it sounds. Organizations often make assumptions about their backup and recovery capabilities that can result in irreversible data loss. Therefore, having a meticulously planned strategy in place that includes verified, tested, and secure backups capable of swift restoration becomes crucial for surviving modern attacks such as ransomware.
It is clear that businesses face rising challenges posed by ever-evolving ransomware threats. By prioritizing data protection measures like following the 3-2-1-1-0 Rule and incorporating immutability into backup strategies, organizations can better defend against malicious attacks. Additionally, fostering a culture of regular testing and verifying the integrity of backups ensures prompt