Arcserve Southern Africa highlights lasting consequences of ransomware attacks

Byron Horn Botha, Arcserve Southern Africa Business Unit Head.

---

According to Arcserve Southern Africa, falling victim to a ransomware attack is a matter of when, not if, as verified by recent Arcserve research that noted 80% of organisations surveyed had been hit by ransomware.

“It’s important to emphasise the last '1' in 3-2-1-1 stands for immutable backup storage, vital to your disaster recovery and data loss prevention efforts,” says Byron Horn-Botha, Business Unit Head, Arcserve Southern Africa. “Immutable backups are saved in a write-once-read-many (WORM) format that unauthorised users can't alter or delete, so they provide a last-line defence against data loss,” he says.

The research revealed not all data is recovered after an attack, in reality, with on average 30% of it lost forever following a successful ransomware attack. “The recovery process remains time-consuming and disruptive to the business. Arcserve’s research confirmed that most organisations can’t afford to take more than 48 hours to recover from a data incident and maintain any hope of avoiding revenue impact. Eighty-two percent of survey responders affected by ransomware claim that they recovered within 48 hours, while 18% did not,” adds Horn-Botha.

The Arcserve survey notes natural disasters, insider threats and ransomware are now ever-present, but what has changed for these risk factors is the probability of occurrence – it has increased, as has the impact.

“The goal of businesses today should be to achieve a robust data resilience infrastructure that consolidates protection, backup and recovery components into a unified data protection environment. This needs to be implemented as part of a 3-2-1-1 backup strategy,” says Horn-Botha.

SaaS applications play a crucial role in almost every organisation today. “Arcserve’s research noted 82% of responders indicated that their organisations use 10 or more SaaS applications. This highlights the scale and importance of SaaS in the modern enterprise. These applications generate and use a lot of data, vital for keeping operations running smoothly and customers happy,” he says.

Notably, the survey showed 59% of respondents’ organisations use 10 to 30 SaaS applications and 19% were shown to use between 30 and 50. “Many organisations have a blind spot when it comes to data within those applications. Only a fraction of SaaS applications is monitored and secured by the businesses themselves. Thirty percent of SaaS applications are not monitored/secured, but among the 70% that are monitored/secured, 40% of them outsourced that responsibility or left it largely unattended.”

SaaS data is typically subject to the shared responsibility model, where the data owner (ie, your organisation) is responsible for data protection and data recovery. An example of this is the Microsoft Shared Responsibility Model. “It’s interesting to note that Arcserve’s survey revealed that of the 40 of respondent companies who had experienced data loss due to SaaS application breaches, just over half of them considered the SaaS provider to be at fault.”

Horn-Botha says this emphasises the importance of SaaS backup solutions as they deliver a high degree of security and autonomy for businesses that want to preserve their SaaS data without reliance on the SaaS application vendor.

Compliance requirements have been around for decades and are only strengthening. In parallel, enabling compliance is increasingly challenging, as IT infrastructure becomes more complex. The Arcserve survey revealed 43% of respondents’ companies faced regulatory fines due to inadequate data protection measures. “Ensuring your company complies with relevant regulations such as in South Africa, POPIA, is not just vital to reputation, but non-compliance carries a hefty financial impact in the shape of fines.”

Horn-Botha confirms the easiest way is to employ a data resilience solution with built-in compliance levers, like access controls and versioning.

Organisations profess their dedication to data protection yet continue to suffer the consequences of data loss.

Horn-Botha says this is not surprising. “With ransomware and other potential threats, new risks emerge to businesses small and large (and in-between). Across the board, IT leaders seek additional investments in data protection, backup and disaster recovery. Following best practices in the field can help maximise protection under the constraint of limited budgets.”

As the pioneer in data resilience, Arcserve is well-positioned to help. Arcserve Unified Data Protection (UDP) and Arcserve SaaS Backup are cost-effective data resilience solutions that are easy to deploy and quick to deliver value by ensuring recovery and minimising downtime and data loss.

Click here to see Arcserve’s entire State of Data Resilience in the Enterprise Report, including tips for IT leaders to effectively communicate with internal stakeholders about mitigating the risks of data loss and downtime.