- 22 September 2021 17:28
Ransomware vulnerabilities introduced as a result of COVID-19-driven IT transformation will last another two years, finds Veritas
WEDNESDAY 22 SEPTEMBER, SYDNEY: On average, Australian organisations need an additional $2.3m and 27 new IT staff each to shorten the vulnerability lag and ensure protection in the next 12 months.
Australian businesses will leave themselves open to the risk of ransomware and other data loss incidents that result from the IT security vulnerabilities introduced by their COVID-driven business transformation for another two years, according to new research from Veritas Technologies, the global leader in enterprise data protection. The Veritas Vulnerability Lag Report, which surveyed 2,050 IT executives from 19 countries including Australia, also discovered that, if they wanted to reduce their vulnerability lag faster and extend their protection to the new technology that they’ve deployed since the start of the pandemic, the average Australian organisation would need to spend an additional $2.3m and hire 27 new members of IT staff.
Pete Murray, ANZ Managing Director at Veritas, said: “For organisations to protect themselves against vulnerability to data threats, such as ransomware, their production and protection environments have to evolve in parallel: as each new solution is introduced into the organisation’s technology stack, protection capabilities need to be extended to cover it. However, the need to innovate quickly often throws this balance off, creating a vulnerability lag, where systems and data are left unprotected and susceptible to attack. With the challenges wrought by the COVID-19 pandemic, Australian businesses were right to prioritise the immediate task of empowering the shift to remote working. Now though, the time has come to take action and redress the balance.”
Cloud environments are most at risk while this vulnerability lag persists: 88% of Australian respondents implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans as a result of the pandemic. And 63% of respondents said that they had gaps in their protection strategy here – more than any other area.
Many of the IT experts responding to the survey lack clarity about which cloud solutions have been introduced at their companies. Just 53% said they could accurately state the number of cloud services they were now using. They also lacked clarity about the data they might need to protect, with the average respondent admitting that 33% of the data their organisation was storing is “dark” – that is to say, they don’t know what it is – and that a further 68% is Redundant, Obsolete or Trivial (ROT).
Murray said: “Having a thorough understanding of the value and location of your data is the foundation of good data protection strategies. So, before cloud data sets can be properly protected from threats like ransomware, IT teams need to know exactly what data has been sent to which cloud services. Today, 47% don’t even know how many cloud services their companies are using, let alone what they are. It’s little wonder that they say they need time and resources to get back on track.”
The report also highlighted the impact that this vulnerability lag is having on the respondents’ business operations. 88% of those participating in the survey stated that their organisation had experienced downtime in the last 12 months. And, on average, they had been the victims of 3.68 ransomware attacks that had caused disruption and downtime to their businesses. However, respondents globally who had managed to eliminate the lag and reported no remaining gaps in their technology strategy had, on average, experienced around five times fewer downtime-causing ransomware attacks than those businesses that still had one or more gaps to close.
Murray said: “With the talent crunch and competing business needs today, it’s unlikely that enterprises around the world are able to hire dozens of additional IT staff in order to rise up to this challenge, so companies need to be smart if they want to shore up their protection infrastructures against the continued threat of ransomware. Selecting a single data protection platform that can operate across the entire data estate – both in your data centre and the public cloud – can radically reduce the management burden of data protection. And adopting modern data-protection tools allows Artificial Intelligence (AI) and Machine Learning (ML) to reduce the need for so many members of staff.”