Businesses will leave themselves open to the risk of ransomware and other data loss incidents that result from the IT security vulnerabilities introduced by their COVID-driven business transformation for another two years, according to new research from Veritas Technologies, the global leader in enterprise data protection.
The Veritas Vulnerability Lag Report, which surveyed 2,050 IT executives from 19 countries, including 100 from the UK, also discovered that, if they wanted to reduce their vulnerability lag faster and extend their protection to the new technology that they’ve deployed since the start of the pandemic, the average UK organisation would need to spend an additional £1.88m[1] and hire 22 new members of IT staff.
Ian Wood, Head of Technology UK&I, at Veritas, said: “The rush to transform in response to the changes brought about by COVID has left many organisations dangerously exposed to data threats, such as ransomware. When businesses introduce new solutions to their technology stack, protection capabilities need to be extended to cover it. But faced with a global pandemic that no one could’ve seen coming, businesses needed to innovate fast, and their security measures failed to keep pace. This created a vulnerability lag, where systems and data have been left unprotected and open to attack. Everyone has been stretched by the challenges of COVID, and businesses were right to prioritise the immediate challenges of adapting their business offerings and empowering the shift to remote working, as these were critical to their survival. Now though, the time has come to take action and redress the balance.”
Cloud environments are most at risk while this vulnerability lag persists: in the UK, 80% of those participating in the research implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans as a result of the pandemic. And 53% of UK respondents said that they had gaps in their protection strategy here.
Many of the UK-based IT experts responding to the survey lack clarity about which cloud solutions have been introduced at their companies. Almost half (49%) confessed that they could not accurately state the number of cloud services they were now using. They also lacked clarity about the data they might need to protect, with the average respondent admitting that 39% of the data their organisation was storing is “dark” – that is to say, they don’t know what it is – and that a further 51% is Redundant, Obsolete or Trivial (ROT).
Wood said: “The foundation of a strong data protection strategy lies in a thorough understanding of the value and location of the data that needs to be protected. The rapid shift to remote working has meant more and more workforces rely on cloud-based collaboration platforms such as Microsoft 365. But before cloud data sets can be properly protected from threats like ransomware, IT teams need to know exactly what data has been sent to which cloud services. Today, almost half don’t even know how many cloud services their companies are using, let alone what they are, or whether they’re backed up and can be recovered at scale in the event of attack. It’s little wonder that they say they need time and resources to get back on track.”
The report also highlighted the impact that this vulnerability lag is having on the respondents’ business operations. 90% of UK respondents stated that their organisation had experienced downtime in the last 12 months. And, on average they had been the victims of 2.7 ransomware attacks that had caused disruption and downtime to their businesses.
However, the global respondents who had managed to eliminate the lag and reported no remaining gaps in their technology strategy had, on average, experienced around five times fewer downtime-causing ransomware attacks than those businesses that still had one or more gaps to close.
Wood added: “With the massive skills shortage we are currently seeing, there is no way UK enterprises will be able to magic up all the people they need to help them address the challenges ahead. Businesses are going to need to get smarter if they want to shore up their protection infrastructures against the continued threat of ransomware. Selecting a single data protection platform that can operate across the entire data estate – both in your data centre and the public cloud - can radically reduce the management burden of data protection. And adopting modern data-protection tools with Artificial Intelligence (AI) and Machine Learning (ML) can empower skilled IT staff to refocus their time on transformation projects.”