A whopping 69% of organizations have reported paying ransoms this year, according to research by Cohesity, with 46% handing over a quarter of a million dollars or more to cybercriminals. It is hardly the picture of resiliency that is often painted by industry. Clearly, there is a disconnect between cyber resiliency policy and operational capability that urgently needs addressing.
With the advent of Ransomware-as-a-Service platforms and the current global geopolitical situation, organizations face a huge existential threat through destructive cyber attacks that could put them out of business. This gap between confidence and capability needs to be addressed, but in order to do so, those organizations need to recognize there is a problem in the first place.
According to the Global cyber resilience report 2024, which surveyed 3,139 IT and Security Operations (SecOps) decision-makers, despite 77% of companies having a 'do not pay' policy, many have found themselves unable to respond and recover from attacks without caving in to ransom demands. In addition, only 2% of organizations can recover their data and restore business operations within 24 hours of a cyberattack – despite 98% of organizations claiming their recovery target was one day.
This clearly indicates that current cyber resilience strategies are failing to deliver when it matters most. Companies have set ambitious recovery time objectives (RTOs), but are nowhere close to building the appropriate effective and efficient investigation and threat mitigation capability needed to rebuild and recover securely. Most organizations treat a destructive cyber attack like a traditional business continuity incident like a flood, fire or electricity loss - recovering from the last backup and bringing back in all the vulnerabilities, gaps in prevention and detection, as well as persistence mechanisms that caused the incident in the first place. The gap between these goals and actual capabilities is a ticking time bomb, leaving businesses vulnerable to prolonged downtime and severe financial losses.
Equally alarming is the widespread neglect of Zero-Trust Security principles. While many companies tout their commitment to securing sensitive data, less than half have implemented multi-factor authentication (MFA) or role-based access controls (RBAC). These are not just best practices; they are essential safeguards in today’s threat landscape. Without them, organizations are leaving the door wide open to both external and internal threats.
As cyber threats continue to evolve, with 80% of companies now facing the threat of AI-enabled attacks, the need for a robust, modern approach to data resiliency is more urgent than ever. Yet, the continued reliance on outdated strategies and the failure to adapt to new threats sets the stage for even greater risks. It’s not even a question of complacency.
Building confidence or creating false hope?
With 78% of organizations claiming that they are confident in their cyber resilience capability, this infers that a lot of work has already been done in creating the process and technology to not just isolate attacks but also have the ability to recover a trusted response capability to investigate, mitigate threats and recover. This would be great if true, but we are seeing a real disconnect between perception and reality when it comes to cyber resilience.
That’s a big concern. The financial impact of these failures is not limited to ransom payments alone. The true cost of inadequate cyber resilience extends far beyond the immediate outlay. Prolonged downtime, loss of customer trust, criminal prosecutions for false attestations around the quality of security controls or paying ransoms to sanctioned entities, brand damage, and skyrocketing cyber insurance premiums are just a few consequences that can damage an organization. It’s a sobering reminder that investing in and testing robust cyber resiliency measures upfront is far more cost-effective than dealing with the fallout of a successful attack.
Moreover, the report reveals that only 42% of organizations have the IT and Security capabilities to identify sensitive data and comply with their regulatory requirements. This deficiency exposes companies to significant fines and undermines their ability to prioritize protecting the very data that is the lifeblood of their organization and is subject to regulatory obligations.
With the expected rise of AI-enhanced cyberattacks adding another layer of capability to cyber adversaries, organizations with traditional defenses will have their work cut out. They are no match for these effective and high-efficient threats, which can adapt and evolve faster than most organizations can respond. Organizations need AI-tools to counter these emerging AI-driven threats.
Identify a problem to fix a problem
The report ultimately reveals opportunities for improvement. People, processes, and tools do exist to reverse these trends and close gaps to shore up cyber resilience. Still, organizations need to understand where they currently sit regarding resiliency and be honest with themselves.
The right workflow collaboration and platform integration between IT and Security needs to be developed before an incident. Organizations must engage in more realistic and rigorous threat modelling, attack simulations, drills and tests to understand their strengths and weaknesses. This can ensure that the response and recovery process is effective and that all stakeholders are familiar with their roles during an incident or can identify shortcomings and areas for improvement.
In addition, automated testing of backup data can verify the integrity and recoverability of backups without manual intervention. This automation helps ensure that backups are reliable and can be restored quickly when needed.
Finally, maintaining detailed documentation and recovery playbooks helps ensure everyone knows their responsibilities and what steps to take during an incident. These playbooks should be regularly updated based on changes in adversary behavior and the results of testing and drills.
And this is just a start. To fully reduce operational risk, a transition to modern data security and management processes, tools, and practices is required. Perhaps then, we will see a reduction in ransom payments and a cyber resilience confidence built on reality.
We've rated the best identity management software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro