Increased severity of ransomware attacks in complex cloud environments, as revealed in a recent study
In the digital age, businesses are increasingly relying on cloud services to streamline operations and boost efficiency. However, this shift towards cloud adoption also brings new challenges, particularly when it comes to security threats such as ransomware attacks.
One of the most pressing issues is the dwell time of a ransomware attack. With organizations often unable to trace the entry point of an attack, the damage can spread unchecked, causing significant disruption. This was highlighted in a study by the Ponemon Institute, which estimated that companies lose approximately $9,000 every minute during an unplanned data center outage.
Another concerning factor is the lack of regular disaster recovery testing. According to a survey, 57% of respondents haven't performed a disaster recovery test in the last two months. This lack of preparedness can exacerbate the impact of a ransomware attack.
The complexity of cloud architectures also poses a significant challenge. Many enterprises don't always start with a cloud architecture in mind, which makes the addition of security controls more difficult after the business has already benefited from cloud services.
However, not all is doom and gloom. In companies with fewer than five clouds, 43% were able to restore disrupted operations in less than a day. Furthermore, companies using a zero trust architecture can mitigate the chances of malware moving laterally during a ransomware attack.
The distribution of clouds among companies is diverse, with more than one-third equally distributed between on-premise clouds and public clouds. The company most cited by global senior IT leaders as the most used cloud service platform for deploying more than 10 cloud services is Amazon Web Services (AWS).
The spread of ransomware is often facilitated by phishing schemes and software updates. The majority of respondents, 61%, rely on antivirus software and endpoint security solutions, but these measures may not always be enough.
In the face of a ransomware attack, companies find themselves in a difficult position. Stuck between mounting costs of halted operations and the risk of paying the attackers, some opt for the latter if their backup is unreliable. This is further complicated by the use of multicloud, which allows infections to spread across cloud environments, making it more difficult to immediately detect and contain the threat.
The Veritas' 2020 Ransomware Resiliency Report with Wakefield Research found that companies that paid a full ransom demand had an average of 14 clouds deployed, suggesting a correlation between the complexity of a cloud architecture and the success of a ransomware attack.
The report also revealed that nearly two-thirds of respondents said their security measures lag behind their IT's complexity to some degree. This highlights the need for businesses to invest in robust, up-to-date security measures, despite potential budget constraints during times like the COVID-19 pandemic.
Just over half of respondents use solutions including air gap backups, email monitoring, and restricted backup credentials, indicating a step in the right direction towards enhancing security. However, 63% of companies only have two copies of their data, either zero or one copy off-site, which leaves them vulnerable to data loss in the event of a ransomware attack.
In conclusion, while the shift towards cloud adoption brings numerous benefits, it also introduces new security challenges. Businesses must be proactive in implementing robust security measures and regular disaster recovery testing to mitigate the impact of ransomware attacks. Despite the complexity and cost involved, the long-term benefits of investing in cybersecurity far outweigh the risks.
Read also:
- Navigating the Path to Tech Product Success: Expert Insights from Delasport, a Trailblazer in the Tech Industry
- Online Cyber Assaults May Deter Web Usage Among Younger Generations
- Navigating English for Common Tech and Devices Daily Use
- Enhanced Privacy Technologies in Data Transmission and Internet Infrastructure
