Businesses may have an overestimated sense of security when it comes to cyber threats.

Malicious threats are rising while business continuity remains insufficient, according to a Cohesity research report.

A recently published survey commissioned by Cohesity and conducted by Censuswide has shed light on the disconnect between companies' projected ability to withstand a cyberattack and their actual capabilities under duress. The survey involved over 3,100 IT and security decision makers across eight countries between June 27 and July 18.

The survey findings indicate that many companies struggle with recovering effectively from ransomware attacks, highlighting gaps in preparedness and incident response capabilities. Nearly 98% of respondents stated their companies had a targeted recovery time of one day in the event of a cyberattack or similar security incident. However, the survey did not provide information on how many companies require more than six days to recover their core business processes after an attack. Approximately one-third of respondents said they would need at least four to six days to recover, and 31% said they would need one to two weeks.

One detailed example involved a large North American hospital hit by a ransomware attack that compromised and encrypted its main data store. The hospital initially relied on an insurer-provided response team that repeatedly restored infections, leading the hospital to suspect the team was acting to invalidate insurance rather than recover the systems. Eventually, the hospital hired its own incident response team that successfully investigated and remediated the attack using Cohesity backups, which helped identify the root cause — a 'living off the land' attack utilizing a Group Policy Object (GPO) to push malware laterally across devices.

The Cohesity-commissioned survey's findings on cyber resilience emphasize that recovery requires a comprehensive approach beyond just backup availability. It involves incident response planning, understanding attack vectors, and securing lateral communications within networks. Cohesity supports recovery through its Cyber Event Response Team (CERT), which takes defined actions like locking down and auditing affected clusters to help customers recover from ransomware effectively.

The survey also revealed that over 7 in 10 IT and security leaders admitted to paying a ransom in the last year, despite internal policies against it. This finding, coupled with the fact that over 4 in 5 respondents expressed confidence in their company's resilience strategy, suggests that this confidence may be based more on lofty goals than on real-world performance.

Recent high-profile incidents, such as the ransomware attack against Change Healthcare and the IT outage impacting 8.5 million Microsoft Windows devices due to a defective CrowdStrike software upgrade, have added significance to the ability to recover from catastrophic IT and security incidents. As such, it is crucial for companies to reassess their cyber resilience capabilities and invest in comprehensive solutions that can help them respond effectively to such incidents.

In summary, the survey findings portray companies as underprepared for ransomware recovery, with success relying on capabilities such as in-depth forensic investigation, improved monitoring, and carefully planned incident response—capabilities that Cohesity's services aim to support.

  1. To effectively combat ransomware attacks, cybersecurity strategies must extend beyond traditional backup availability and encompass incident response planning, an understanding of attack vectors, and securing lateral communications within networks.
  2. Despite the confidence exhibited by many IT and security leaders in their company's ransomware resilience strategy, the survey findings indicate that this confidence may be misplaced, as recovery often requires comprehensive capabilities such as in-depth forensic investigation, improved monitoring, and planned incident response.
