Dive Brief:
- Companies that paid a full ransom demand had an average of 14 clouds deployed, according to Veritas' 2020 Ransomware Resiliency Report with Wakefield Research. The survey was taken between Sept. 16-24 and included responses from nearly 2,700 global senior IT executives at companies with upwards of 1,000 employees. Companies that didn't pay any part of their ransom had a mean number of 7.22 clouds deployed.
- Of companies with more than 20 deployed clouds, 39% took between five and 10 days to recover operationally following a ransomware attack. In companies with fewer than five clouds, 43% took less than a day to restore disrupted operations.
- More than half of respondents said their IT security spending either flattened or decreased during COVID-19 and 57% haven't performed a disaster recovery test in the last two months.
Dive Insight:
Stopping malware spread isn't always a matter of pulling the plug or flipping the rare kill switch. The more complex a cloud architecture is, the more successful a ransomware attack might be.
Depending on a ransomware attack's dwell time, organizations aren't always capable of tracking its entry point. "IT departments have [service level agreements] based on recovery time. Unfortunately for them, the more widespread the infection, the more time enterprises will be impacted," said John Abel, SVP and CIO at Veritas.
More than one-third of companies are equally distributed between on-premise clouds and public clouds, according to the survey. Only 8% of companies are mostly reliant on a public cloud with some form of on-premise or public cloud mixed in.
Ransomware can maneuver through an organization's systems primarily using phishing schemes and software updates. Multicloud, adopted for syncing or replicating, "is allowing these infections to spread across their cloud environments," said Abel. "That makes it even more difficult to immediately detect … The more clouds an enterprise has deployed, the happier the cybercriminal."
On average, companies are using almost 12 cloud services, including services such as Office 365, Apache Stratos, Salesforce and OpenShift. "Many enterprises don't always begin with a cloud architecture in mind," which complicates adding security controls later "after the business is already enjoying the benefits of cloud," said Abel.
Nearly two-thirds of respondents said their security measures "lag" behind their IT's complexity to some degree, according to the report.
While ransomware can deploy after a dormant period, companies using a zero trust architecture can mitigate the chances of the malware moving laterally.
The majority of respondents, 61%, rely on antivirus software and endpoint security solutions. Just over half of respondents use solutions including air gap backups, email monitoring and restricted backup credentials. But 63% of companies have only two copies of their data, with either zero or one copy off-site.
Stuck in the middle of a ransomware attack, companies choose between the mounting costs of halted operations and paying the attackers if their backup is unreliable. Ponemon Institute estimates companies lose about $9,000 every minute during an unplanned data center outage.
"The more complex the environment, the more difficult is recovery in a timeframe that limits business impact. Often, the choice of paying the ransom may just seem less painful," said Abel.