Ransomware prevention a focus for storage stewards in 2024
In 2024, generative AI and machine learning, along with employee education, are important tools to prevent the spread of ransomware throughout the enterprise.
Ransomware's ongoing threat to enterprise data will remain top of mind for IT teams in 2024, a continuation of a similar trend seen throughout last year, including for storage admins looking to remain vigilant against attacks.
Analyst and vendor surveys found that IT departments are struggling against tight budgets, massive data sprawls and increasingly sophisticated attacks, which make predicting ransomware's impact difficult.
Many enterprises are now working under the assumption that they could become compromised, according to storage and data protection analysts. Organizations are looking to preempt attacks through greater cybervigilance of data storage and backups, including the use of generative AI (GenAI) and machine learning, along with increased user education.
These are repeats of concerns and potential solutions about ransomware from last year, said Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group (ESG). Enterprises behind on their cybersecurity practices likely also lag in recovery capabilities as the line between security and backup continues to blur.
"Guess what, not much has changed," he said. "A year later and we're still in the same pretty unhappy situation. While the problem may be better understood, it's not being solved."
Survey says: Pay the ransom
Companies suffer almost daily from ransomware attacks, according to ESG's November 2023 survey. Organizations that fall victim to an attack will likely pay the ransom and some will pay more than the initial demand, according to survey results.
Of the 600 respondents, only 22% said they had not experienced any attempted or successful ransomware attacks in the last year. Around 29% said they experienced sporadic attacks in the last 12 months, while 11% claimed they experienced attempts daily.
"The problem is it's very pervasive," Bertrand said, adding that these attacks come in a variety of methods and are difficult to stop after an initial infection. "It's a perfect combination of issues. You don't know what, when, and you don't know how [to respond]. That's the nature of the issue."
[Ransomware is] still a very healthy business for cybercriminals.
Christophe BertrandAnalyst, Enterprise Strategy Group
More than half, 52%, of 354 respondents reported that successful attacks were contained to specific business functions and limited data sets, but 23% indicated that they suffered a broad and extensive attack across the entire company. Top targets for these attacks included IT infrastructure, storage systems and networks. Regulated data, which can contain personally identifiable information, and infrastructure configuration data were the most frequently affected data sets.
Around 56% said their organizations agreed to pay a ransom to regain access to systems or data following an attack. In another question, 57% of 200 respondents said they paid more than the initial ransom demand.
Only 16% of the 354 respondents said they could recover 100% of all affected data following the attack, with 42% saying they typically recovered more than 75% of what they'd lost.
"It's still a very healthy business for cybercriminals," Bertrand said.
Combating ransomware in 2024
ESG's survey reflects similar findings seen in vendor surveys, including Dell Technologies' 2024 "Global Data Protection Index Cyber Resiliency Multicloud Edition" that was released this week and research from other analyst firms such as The Futurum Group.
Dave Raffo, an analyst at Futurum, found in interviews he conducted that in 2023, better ransomware detection capabilities within security or data protection are more pressing among CISOs than tools that expedite recovery. Respondents said they wanted analytics and machine learning for anomaly detection, auditing tools and ransomware forensic tools.
The rise of GenAI within the last year has spurred data protection and backup companies to pivot into offering GenAI features or rebranding existing machine learning and anomaly detection capabilities alongside GenAI features such as chatbots or automation through plain English.
Customers are interested in these capabilities to make up for a lack of staffing or to come to grips with the overwhelming data sprawl in the enterprise, Raffo said. How effective these tools are for customers remains to be seen.
"A lot of vendors talk about having it in their products," Raffo said. "I don't know if they've been in the market long enough [for me] to say these are good."
Even if the technology is immature, CISOs are jumping at the opportunity to make the initial probe or penetration by rogue elements as difficult as possible and avoid becoming the business highlight of the nightly news, said David Linthicum, chief cloud strategy officer at Deloitte Consulting.
"AI is the biggest weapon for this right now," he said. "I hear from CISOs all the time that [they're] trying to become the less desirable target. The only way to do that is [through] your ability to understand where these things are coming from, adjust your defenses directly and have some sort of automated procedure to make that happen."
Air-gapping -- the physical or logical separation of data from a network -- isn't a common way to protect data in the enterprise, according to analysts, even as it becomes a more popular pitch from cloud and SaaS backup vendors such as Zerto and Cohesity.
Futurum Group research found that air-gapping was the least common backup protection, with only 15% of survey takers saying they use the capability, compared with the more popular data encryption, which is used by 64% of respondents. About 67% of those surveyed by ESG aren't using air-gapping, while 27% have deployed air-gapping in some form.
"Many times [IT gets] to the decision to put an air gap or gap technology in place when they run out of money and they don't buy what they should," Linthicum said. "So that becomes basically a business continuity or disaster recovery question. How cheap is it for you to implement that and [at what] point to recover."
Outside of new purchases, Raffo said many IT teams are taking the most proactive approach of educating employees in ransomware awareness, including the classic lesson of not clicking suspicious email links or attachments.
"There's always new threats out there," Raffo said. "Budgets aren't really improving or getting much bigger, [but IT teams are] certainly doing what they can."
Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.
