01732 759725 25 magazine CYBERSECURITY something floating in the water, I can save myself. The bad actors are basically trying to sell me a life preserver. And the only reason I won’t pay for that is if I can save myself. What the bad actors are trying to do is remove my ability to save myself and in all but 18% of cases they’re specifically targeting for that.” The extent to which they have been successful in targeting backups is highlighted by the fact that almost one third of respondents who paid a ransom discovered that the bad actors had hit all or most of their repositories. On average, 39% of backup repositories were affected and unusable. This, as Russell points out, makes it very hard for organisations to recover and increases the time it takes. “On average, it takes three plus weeks until you’re back up and operational. Some said it took one to two months. A few said it took two to four months.” Buffington said that Veeam’s intention with this research is not to spread fear but to get everyone pulling in the right direction. “Sixteen per cent say they recovered without paying. Veeam’s mission in life should be to help the other 84% of respondents to be able to answer that way. That’s the goal,” he said. To download a copy of the report, go to vee.am/rw23 many organisations. “The reality is that in some areas you just can’t get cyber insurance. But in almost all areas, it’s becoming increasingly expensive, perhaps to the point of prohibition. Just 8% said for their last cyber insurance renewal there was no changes. That means that 92% faced changes including increased premiums (cited by 74%), increased deductibles (43%) and reductions in coverage benefits (10%).” Sub-optimal outcomes Generally, ransomware victims have two ways of averting a crisis – pay the ransom (with or without insurance) or restore from backup. Of the organisations questioned by Veeam, 59% paid the ransom and were able to get their data back, 21% paid the ransom but could not get the data back, 16% were able to recover their data without paying the ransom and 4% were not in a position to do either as the motivation of the attackers was simply to destroy data – “more arson than extortion”, as Russell put it. Buffington added: “I just can’t get over the fact that more organisations paid but could not recover than recovered without paying.” Targeting backups There’s an interesting correlation between the proportion of organisations that were able to recover data themselves without paying a ransom (16%) and the proportion of organisations in which an attempt by bad actors to affect their backup repository failed (18%). “In 93% of cases bad actors specifically targeted the backup repository in order to remove organisations’ ability to recover themselves and in three out of four cases, the bad actor was successful in doing that,” explained Buffington. “I use the example of somebody pushing me off a boat. If I can find More than nine out of 10 cyber attacks (93%) target backup storage to force ransom payment, reveals Veeam in a new report based on a survey of 1,200 organisations that experienced at least one successful cyber attack in 2022. This reinforces the obvious point that there is no substitute for an effective back-up and disaster recovery strategy to minimise the damage from a ransomware attack – not least because cyber insurance can no longer be relied upon. Cyber insurance was a new area of inquiry for Veeam’s 2023 Ransomware Trends Global Report and its findings highlight the extent to which businesses have come to depend on insurance to minimise the financial damage of an attack. More than half (57%) of surveyed organisations had a cyber insurance policy that covers ransomware to some degree. Of the 80% of surveyed organisations that ended up paying a ransom, 95% had some form of insurance, with 77% using it for that purpose. However, the survey also shows that that insurance is increasingly patchy. Not only do cyber insurance policies in most cases provide no cover for the cost of downtime or the cost of remediation, but the cover enjoyed by 21% of organisations specifically excludes ransomware. Dave Russell, Veeam Vice President of Enterprise Strategy, said: “It’s a bit like purchasing flood insurance only to find out that the flood policy is not going to be activated by water damage. The very thing that ostensibly you purchased the cover for may be very, very difficult to obtain. Reliance on insurance, particularly cyber insurance, is going to be problematic for most of us going forward.” Veeam’s Vice President of Market Strategy Jason Buffington adds that on top of reduced availability, cyber insurance costs are becoming prohibitive for Learning from experience New Veeam report highlights the limitations of cyber insurance 2023 GLOBAL REPORT RANSOMWARE TRENDS Lessons learned from 1,200 victims and nearly 3,000 cyber attacks Dave Russell Jason Buffington
RkJQdWJsaXNoZXIy NDUxNDM=