Rubrik: Ransomware Payment Activity on the Rise
A global survey of more than 1,600 IT and security leaders conducted by Wakefield Research on behalf of Rubrik finds nearly three-quarters (72%) of organizations have complied with a ransomware demand despite nearly all of them (99%) having access to backup and recovery tools.
In addition, only 16% said they were able to recover all their data using decryption tools provided by a cyberattacker.
Steven Stone, head of Rubrik Zero Labs, said the survey makes it clear that organizations of all sizes need to modernize their approach to data protection.
For example, a full 93% of respondents reported encountering significant issues with their backup and recovery solutions, with an equal percentage also noting that cybercriminals also attempted to access data backups during a cyberattack. Nearly (73%) of those attacks were partially successful, the survey finds.
The data protection issues that organizations face are also being further exacerbated by the growth in data volume, noted Stone. An analysis of the amount of data being stored by more than 5,000 organizations via the Rubrik software-as-a-service (SaaS) platform finds that, on average, organizations backed up 25% more data in 2022. Organizations are attempting to secure an average of 227 TB of data, the report found. The amount of data that organizations will need to secure within the next five years will triple, noted Stone.
Almost half (47%) of survey respondents said they believe their 2023 cybersecurity budget is not a large enough investment to address their requirements, with 96% admitting they are concerned their organization will be unable to maintain business continuity following a cyberattack. More than a quarter (27%) expect their IT and cybersecurity budgets to decrease in 2023.
More troubling still, only 56% of IT and security leaders developed or reviewed an incident response plan in 2022, and slightly less (54%) tested backup and recovery options. More than half (52%) also created or refined data recovery orchestration.
On the plus side, more than half (56%) currently employ at least one zero-trust initiative, the survey finds.
It’s not clear these days who within IT organizations is responsible for data protection, but there is no doubt that cybersecurity teams are exercising more influence. Ultimately, it’s the cybersecurity team that is held to account whenever data can’t be recovered and a ransomware payment needs to be made.
Of course, it’s also not clear how long it will be before making that ransomware payment creates some legal jeopardy for an organization. Lawmakers around the globe are debating the merits of imposing fines on organizations that don’t disclose ransomware attacks as part of an effort to reduce the financial incentives for launching them in the first place. The assumption is that making a ransomware payment only encourages a cybercriminal to launch a similar attack against another target. As such, the time for requiring organizations to revisit the processes they use to back up and recover data may be long overdue.
Regardless of the motivation, the need for greater collaboration between cybersecurity and IT operations teams in the age of ransomware is now obvious.
