Gaps in readiness are impacting the ability of many organizations to manage and recover from ransomware attacks, according to research by Zerto, a Boston-based cloud data management and protection platform. This gap poses a risk to mitigation strategies presented by widespread skills shortages and over-reliance on internal resources.
One of the best protections against a ransomware attack is the ability to recover from it and many organizations are still struggling to counteract ransomware when prevention has failed, according to Zerto.
The study, conducted by ESG, and co-sponsored by Zerto, “The Long Road Ahead to Ransomware Preparedness” shows that ransomware attacks are becoming more frequent and the organizational impacts are a major concern.
The report found that nearly three-quarters of organizations experiencing ransomware attacks in the past 12 months (73% of respondents in total) were negatively impacted, and at least 75% suffered operational disruption.
Sixty-one percent of organizations who paid a ransom were then subjected to further extortion attempts resulting in extra payments being made on top of initial sums.
Related: Cybersecurity Skills Gap Is Getting Worse, Report Says
About one in seven organizations got 100% of its data back even after paying a ransom. Paying a ransom is no guarantee to getting a business completely back online notes Zerto.
Nearly half of the survey respondents (45%) said they are struggling with skills issues that will help them respond to a ransomware attack. Respondents reported skills and training gaps within certain areas of their teams and external contractors/vendors, while others are severely lacking critical people and skills.
“Unfortunately, many organizations remain seriously under-prepared to effectively mitigate against the risks and impact of ransomware attacks,” commented Christophe Bertrand, practice director at ESG. “This results in a significant number concluding they have no alternative but to pay ransom demands in the hope their data will be returned. Instead, leaders should be focusing on ransomware strategies that emphasizes effective, rapid and complete recovery.”