Nearly two-thirds (66%) of organizations have faced at least one ransomware attack in the last two years. Alarmingly, 45% of those have experienced multiple attacks. And 43% of organizations struggle to recover more than three-quarters of their data after an attack.
These statistics indicate a clear necessity for data protection strategies that work. The pressing question is: what are those strategies?
Purpose of the eBook
To that end, Object First recently published an eBook on Zero Trust and Ransomware Protection in collaboration with Informa TechTarget’s Enterprise Strategy Group (ESG) on how organizations are rethinking the way their backup storage environments work. This partnership was aimed at shedding light on modern security challenges to find practical strategies for how backup solutions can survive ransomware attacks.
Research Methodology and Demographics
The survey involved a group of 200 IT executives and managers from organizations throughout North America (including the U.S. and Canada) and Western Europe (specifically Germany and the UK), all comprising between 1,000 to 9,999 employees.
Participants represented a wide array of industries, including financial services, technology, manufacturing, and retail/wholesale, among others. Data collection took place over a focused period from September 19 to October 4, 2024.
In terms of financial metrics, 52% of respondents reported annual revenues exceeding $1 billion, while 24% indicated revenues between $500 million to $1 billion, and 24% had revenues below $500 million.
Regarding professional roles, the survey's most prominent position was Chief Data Officer (37%), followed by Database Administrators (DBAs) (12%), Data Analysts (11%), and Data Engineers (11%). Additionally, the survey included representation from six other roles, each comprising 7% or less of the overall respondents.
Key Findings
While there were numerous insights, ESG identified four key takeaways.
1. Ransomware attacks are only becoming more common
The research revealed that most organizations have faced at least one ransomware attack in the last two years. These incidents can lead to significant problems, as 50% of affected organizations take up to five business days to resume normal operations. Additionally, many companies find it difficult to recover all their data after an attack, which is why it's important to have strong data protection measures in place.
2. Adoption of Zero Trust principles helps fight ransomware
The study found that over 90% of IT leaders agreed on four key principles for preventing ransomware attacks: adopting a Zero Trust approach, following the 3-2-1 Backup Rule (keeping three copies of data in two different locations, with one copy stored offsite), separating backup management software from backup storage (segmentation), and using immutable backups to secure data.
3. Target Backup Appliances > Integrated Backup Appliances
Once these best practices were identified, the research examined which backup solutions best support them. IT professionals largely agreed that Target Backup Appliances are more compatible with the Zero Trust approach than Integrated Backup Appliances. Many respondents stated that these target-based solutions not only improve backup systems but also provide better security and faster backup and recovery, making them valuable tools for data protection.
4. Assume breach, prepare for recovery
To better protect themselves against future ransomware attacks, organizations are adjusting their backup strategies to include modern security principles. This involves using immutable storage for backups, separating different aspects of their backup processes, and keeping multiple copies of their data.
While practices like hardening system security, monitoring activities, and analyzing threats are important, a breach is still bound to happen—all you can do ensure your data is recoverable after the attack. Having several immutable backups is the best way to ensure a quick and effective recovery.
Key Statistics and Insights
Less than one in ten organizations can operationally recover from an attack within one day, and for many it’s much longer. The most common timelapse for recovery (40% of respondents) was 1 to 5 business days, with some taking more than 40% business days. As stated before, 43% recover less than three-quarters of their data. For most companies, regardless of the industry, that’s a death knell for business.
96% of organizations reported that their backup data was targeted during ransomware. Additionally, 81% of respondents identified immutable backup storage as the last line of defense in any ransomware strategy, while 59% are adopting it as their primary protection method against these threats.
The key takeaway is twofold: ransomware is a matter of "when," not "if," and hardening alone isn't enough—only immutable storage can ensure recovery. Integrating Zero Trust principles, a strategy that assumes no device or person should automatically be trusted, helps achieve this.
ESG encourages organizations to adopt a Zero Trust approach that includes using secure, immutable storage and separating different parts of their systems to effectively safeguard data against ransomware. The study indicates that IT departments need to move beyond standard security practices and implement more advanced strategies that incorporate these principles.
“A Zero Trust model needs to be applied to all IT resources in an environment, including their backups. Now, that isn’t going to occur overnight; it needs to be a coordinated effort that touches upon all the Zero Trust pillars and needs to be looked at as ongoing.”
--Vice President of Infrastructure Technology, Multinational auto services organization, with over 1,000 employees globally
Future Considerations
Traditional security measures aren’t enough anymore, and the research shows that backup solutions should deliver immutability and align with Zero Trust principles. Target Backup Appliances can enhance protection against ransomware and help with quicker data recovery.
To improve your backup strategy, focus on easy-to-use and secure solutions that align with Zero Trust ideas. For more detailed guidance on keeping your organization safe from ransomware, we invite you to download the full eBook. It provides valuable insights to strengthen your company’s data protection strategy and better defend against ransomware threats.
