Gap between security, backup teams leads to ransomware, other advanced cyber attacks

The lack of coordination between security and backup teams is creating increased vulnerability that cyber criminals are exploiting through ransomware and other advanced attacks. According to a new report published on Tuesday, close to two-thirds (63%) of organisations find their backup and cyber teams lacking synchronisation.

The findings are part of American data backup and protection company Veeam Software's third annual 2024 Ransomware Trends Report, which further stated that 61% of security professionals and 75% of backup admins believe that the teams need either ‘significant improvement’ or that a complete system overhaul is required. The report was launched at the company's annual flagship event VeeamOn 2024 held at Fort Lauderdale, Florida from June 3-5.

According to the report, ransomware remains an ongoing threat for organisations and is the largest single cause of IT outages and downtime as 41% of data is compromised during a cyberattack, according to the report which also reveals that only 57% of the compromised data will be recovered, leaving organisations vulnerable to substantial data loss and negative business impact as a result.

“Ransomware is endemic, impacting 3 out of 4 organisations in 2023. Artificial intelligence (AI) is now enabling the creation of smarter, more advanced security, but it’s also facilitating growth in the volume of sophistication of attacks," said Dave Russell, Senior Vice President, Head of Strategy at Veeam.

"Our report delivers a clear message: ransomware attacks will continue, be more severe than predicted, and the overall impact will cost organisations more than they expect. Organisations must take action to ensure cyber resiliency and acknowledge that rapid, clean recovery matters most. By aligning teams and bolstering cybersecurity with immutable backups, they can protect their valuable business data while Veeam keeps their business running and secure.”

Other key findings from the report include that cloud and on-premises data are just as easily attackable and that cyber-attacks naturally affect an organisation’s financial stability, but just as significant is the toll it has on teams and individuals. When a cyberattack strikes, 45% of respondents reported heightened pressure on IT and security teams. Additionally, 26% experienced a loss of productivity, while 25% encountered disruptions to internal or customer-related services.

Notably, paying the ransom does not ensure recoverability. For the third year in a row, the majority (81%) of organisations surveyed paid the ransom to end an attack and recover data. One in three of these organisations that paid the ransom still could not recover even after paying.

Contrary to the belief that having cyber insurance increases the likelihood of ransom payments, Veeam’s research indicates otherwise. Despite only a minority of organisations possessing a policy to pay, 81% opted to do so. Interestingly, 65% paid with insurance and another 21% had insurance but chose to pay without making a claim. This implies that in 2023, 86% of organisations had insurance coverage that could have been utilised for a cyber event.

The ransoms paid averages to be only 32% of the overall financial impact to an organisation post-attack. Moreover, cyber insurance will not cover the entirety of the total costs associated with an attack. Only 62% of the overall impact is in some way reclaimable through insurance or other means, with everything else going against the organisation's bottom-dollar budget.

In India, ransomware has been ranked as the highest growing threat by security leaders in recent years, with experts pointing to the lack of alignments between teams — especially security and backups — leading to increase in ransomware and malware attacks.

The 2024 Thales Data Threat Report conducted by 451 Research published in March said that at least one in every 10 IT security leaders in India said that they have experienced ransomware attacks in the past year and only 20% of enterprises have a formal ransomware plan in place.

Another report by cyber security firm Dynatrace in this year's annual CISO noted that organisations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats. The results indicate that CISOs find it difficult to drive alignment between security teams, their backup counterparts and the C-suite, leaving gaps in the organisation’s understanding of cyber risk. As a result, they find themselves more exposed to advanced cyber threats, at a time when AI-driven attacks are on the rise.

The report noted that 75% of chief information security officers (CISOs) highlight the issue is rooted in security tools that cannot generate insights that C-level executives and boards of directors can use to understand business risks and prevent threats.

That said, Veeam researchers recommend that most common component of a cyber preparedness is a “good backup” and having a playbook in place. A cyber security playbook is a plan that outlines the steps that companies are expected to follow before, during and after a security incident.

While cyber and backup teams may not always be organisationally aligned, when asked about the existence of an incident response team and whether that team had a playbook, a mere 2% of organisations lacked a pre-identified team. Additionally, only 3% had teams but without a playbook in place.

(The author was invited to attend VeeamOn 2024 at Fort Lauderdale, Florida)