Research by data recovery specialist Ontrack of 484 organizations reveals that 39% either do not have a ransomware strategy, or are unaware if they have one, and 29% report they would not be able to access any working backups after an attack.
As we discussed in our note yesterday, the difference between companies with good cyber governance and poor cyber governance is very often driven not by the technology that companies have, but by how well they manage that technology and how well they train their staff in good cyber hygiene and threat preparation. Making sure that data is regularly and securely backed up—and analyzing third-party cloud providers' potential vulnerabilities as well—are basic building blocks of good cyber hygiene.
In addition, considering the rapid growth of the ransomware threat in recent years and the severe negative operational and financial impact that ransomware-driven operational disruptions have on organizations, it is highly problematic that 39% of firms report not having a ransomware strategy, or not being aware that they have such a strategy. Without a well-thought-through plan, companies will not be able to respond effectively to a ransomware attack. Ransomware plans must be in place before an attack takes place: the immediate action needed to protect and restore data and operations can only happen if companies have plans in place to do so, and key staff know the role they are required to take in such an event. Companies with good cyber governance understand this and make the appropriate preparations (in addition to taking the steps necessary to lower the probability of an attack in the first place), while those with poor cyber governance often do not.