While migration to the cloud is at an all-time high, so is the growth of ransomware peddlers. New research released last month shows the current spurt in ransomware attacks will last another two years.
The Veritas report, “The Vulnerability Lag,” explores the ransomware risks resulting from accelerated digital transformation in the wake of the Covid-19 pandemic.
Veritas Technologies surveyed more than 2,000 global IT leaders whose organizations have undertaken pandemic-led digital transformation. The study found the majority are severely vulnerable to ransomware attacks because they have been unable to keep pace with accelerated digitization.
To close that technology gap, organizations would need to spend an average of $2.47 million in their technology strategy within the next 12 months. The average organization experienced nearly three ransomware attacks that led to downtime in the past 12 months. Ten percent were hit with ransomware more than five times, according to the Veritas report.
A global IT talent shortage makes it unlikely that enterprises can hire enough new IT staff to meet the cloud security challenge, warned Andy Ng, vice president and managing director for Asia South and Pacific Region, Veritas Technologies.
The results of this survey are not surprising, noted Douglas Murray, CEO at Valtix. Unfortunately, most organizations are dealing with a ticking time bomb of security concerns and technical debt built up over years of fragmented cloud efforts.
“Multicloud makes matters worse. This has left many organizations trying to play catch up while also dealing with the complexity of mastering cloud security, which is fundamentally different than on-premises security,” he told TechNewsWorld.
Cloud security holes are a major threat. Security vulnerabilities invite ransomware. The report highlights these major concerns:
- Only 61 percent of organizations believe their security measures have fully kept pace with their digital transformation initiatives.
- The largest technology gaps are cloud technology (56 percent) and security (51 percent).
- The vulnerability lag brings consequences. Organizations with at least one gap in their technology strategy on average, experienced around five times more ransomware attacks leading to downtime in the last year than those with no gaps.
- Digitization is outpacing security. More than six in ten (61 percent) respondents believe their organization’s security measures have fully kept up since the implementation of Covid-led digital transformation initiatives. A reported 39 percent experienced some form of security deficit.
- No organization is immune. Nine out of ten (88 percent) organizations reported experiencing downtime in the past 12 months.
- A lack of clarity exists around what technology has been introduced. Only 58 percent of surveyed senior IT decision-makers believe they can confidently and accurately state the exact number of cloud services that their organization currently uses.
- Confusion is rampant on what needs to be protected. On average, respondents’ organizational data comprises 35 percent dark data, 50 percent redundant, obsolete, or trivial (ROT) data, and only 16 percent business-critical data.
- On average, it will take two more years to eliminate the current vulnerabilities that organizations face today.
Continuing Pandemic Fallout
Covid-19 was a catalyst for creating vulnerability lags in organizations around the world. The pandemic forced organizations to rapidly introduce new systems to support evolving business practices such as remote working, contactless interaction and providing consumers with full online features. That meant IT departments were often forced to prioritize the delivery of functionality over security, according to the report.
Over the past year, many organizations accelerated their digital migration to cloud services in an attempt to stay productive while employees converted to working remotely, observed Joseph Carson, chief security scientist, and advisory CISO at Thycotic.
“This major migration meant many organizations have simply moved the same security controls used on-premises and adapted them to their cloud environment. As a result, this has seriously increased risks and exposure for those organizations,” he told TechNewsWorld.
Clouds Pose Major Risks
Ransomware is one of the top threats all organizations are facing today, warned Carson. That threat can quickly bring an organization to a complete stop.
As organizations migrate to cloud services, they must prioritize a new security strategy that takes advantage of cloud assets. This means identity is becoming the new security perimeter, and privileged access is the new security control along with a strong zero-trust mindset that continuously verifies authentication and authorization requests, he said.
“In cybersecurity, our job is to force the attackers to take more risks. As a result, this creates more noise in your infrastructure to give you a better chance to detect the attackers before they deploy nasty ransomware,” Carson explained.
The good news is that security steps inevitably always come back to the best practices of defense. These are in-depth solutions that ensure the right security controls and policies are deployed against every cloud workload, added Valtix’s Murray.
A variety of technologies can help reduce ransomware risk in the cloud. These include network-based intrusion prevention, antivirus, and the segmentation of workloads, he suggested.
“By taking a cloud-first approach to these problems, security leaders can set the stage for the future through a cloud-native, multi-cloud security architecture,” he said.
Parallel Security Evolution Needed
Organizations need to protect themselves against vulnerability to data threats such as ransomware. That requires their production and protection environments to evolve in parallel, asserted Ng in the Veritas report.
As each new solution is introduced into the organization’s technology stack, organizations must extend protection capabilities to cover it. However, the need to innovate quickly often creates an imbalance. That, in turn, creates a vulnerability lag where systems and data are left unprotected and open to attack, he explained.
“The onslaught of Covid has compounded the issue, as many put the priority on empowering the shift to remote working. Now though, it is time to take action and redress the balance,” he urged in the report.