The large ransom payments highlight the need for urgent action on cyber resilience
According to research from Cohesity, a whopping 69% of organizations reported paying ransoms this year, with 46% handing over a quarter of a million dollars or more to cybercriminals. It is certainly not the picture of resilience that is often painted by the industry. It is clear that there is a gap between cyber resilience policies and operational capabilities that needs to be addressed urgently.
With the advent of Ransomware-as-a-Service platforms and the current global geopolitical situation, organizations face a huge existential threat from destructive cyber-attacks that could put them out of business. This gap between trust and capabilities needs to be addressed, but to do that these organizations must recognize that there is a problem in the first place.
According to the Global Cyber Resilience Report 2024, which surveyed 3,139 IT and Security Operations (SecOps) decision makers, despite 77% of companies having a ‘no pay’ policy, many are unable to respond to and recover from attacks without giving in. to ransom demands. Furthermore, only 2% of organizations can recover their data and restore business operations within 24 hours of a cyber attack – despite 98% of organizations claiming their recovery goal was one day.
This clearly indicates that current cyber resilience strategies are not delivering results when it matters most. Companies have set ambitious recovery time goals (RTOs), but are still nowhere near building the appropriate, effective and efficient investigative and threat mitigation capabilities needed to rebuild and recover safely. Most organizations treat a destructive cyber attack as a traditional business continuity incident, such as a flood, fire or loss of electricity. They restore from the last backup and bring back all vulnerabilities, prevention and detection gaps, as well as persistence mechanisms that caused the incident. in the first place. The gap between these goals and actual capabilities is a ticking time bomb, leaving companies vulnerable to extended downtime and serious financial losses.
Equally alarming is the widespread neglect of Zero-Trust Security principles. While many companies tout their commitment to securing sensitive data, less than half have implemented multi-factor authentication (MFA) or role-based access controls (RBAC). These are not just best practices; they are essential safeguards in the current threat landscape. Without them, organizations leave the door wide open to both external and internal threats.
As cyber threats continue to evolve and 80% of businesses now face the threat of AI attacks, the need for a robust, modern approach to data resilience is more urgent than ever. But continued dependence on outdated strategies and inability to adapt to new threats sets the stage for even greater risks. It’s not even a matter of complacency.
Global Head of Cyber Resiliency Strategy at Cohesity.
Build trust or create false hope?
With 78% of organizations claiming to be confident in their cyber resilience capabilities, it can be inferred that a lot of work has already been done in creating the process and technology to not only isolate attacks, but also the ability to restore a trusted response capacity. investigate, mitigate, and remediate threats. This would be great if true, but we see a real gap between perception and reality when it comes to cyber resilience.
That is a big concern. The financial impact of these failures is not just limited to ransom payments. The true costs of inadequate cyber resilience extend far beyond the direct costs. Prolonged downtime, loss of customer trust, criminal prosecution for false certifications surrounding the quality of security controls or paying ransoms to sanctioned entities, brand damage and skyrocketing cyber insurance premiums are just a few of the consequences that can harm an organization. It’s a sobering reminder that investing in and testing robust cyber resilience measures upfront is far more cost-effective than dealing with the fallout of a successful attack.
Furthermore, the report shows that only 42% of organizations have the IT and security capabilities to identify sensitive data and meet their regulatory requirements. This shortcoming exposes companies to significant fines and undermines their ability to prioritize the protection of the very data that is the lifeblood of their organizations and subject to legal obligations.
As the expected rise of AI-enabled cyber attacks adds a new layer of capabilities to cyber adversaries, organizations with traditional defenses will have to step up their game. They are no match for these effective and highly efficient threats, which can adapt and evolve faster than most organizations can respond. Organizations need AI tools to counter these emerging AI-driven threats.
Identify a problem to solve a problem
Ultimately, the report reveals opportunities for improvement. People, processes and tools exist to reverse these trends and close gaps to strengthen cyber resilience. Still, organizations need to understand where they currently stand when it comes to resilience and be honest with themselves.
Proper workflow collaboration and platform integration between IT and security must be developed before an incident. Organizations must engage in more realistic and rigorous threat modeling, attack simulations, exercises and testing to understand their strengths and weaknesses. This can ensure that the response and recovery process is effective and that all stakeholders are aware of their role during an incident or can identify shortcomings and areas for improvement.
Additionally, automated testing of backup data can verify the integrity and recoverability of backups without manual intervention. This automation ensures that backups are reliable and can be quickly restored when necessary.
Finally, keeping detailed documentation and recovery playbooks ensures that everyone knows their responsibilities and what steps to take during an incident. These playbooks must be updated regularly based on changes in opponent behavior and the results of tests and exercises.
And this is just a start. To fully reduce operational risk, a transition to modern data security and management processes, tools and practices is required. Perhaps then we will see a reduction in ransom payments and a confidence in cyber resilience that is grounded in reality.
We reviewed the best identity management software.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro