Ransomware a top business concern during COVID-19 remote work period: Study

The rampant rise of ransomware persists, with 100% of respondents – who include ITOps, backup, DR and storage admins, application and workload owners in the U.S. – reporting that their company experienced a ransomware attack in the last 12 months, according to Datrium’s research, titled Ransomware and Disaster Recovery During COVID-19, which assesses the impact of ransomware attacks on enterprise disaster recovery (DR) strategies during the COVID-19 pandemic-imposed stay-at-home period. With the evermore heightened threat of ransomware during the pandemic, companies are prioritizing DR and the cloud is playing a greater role as a DR site.

The research was developed to determine ransomware’s impact on businesses in the last year. The research revealed heightened concerns about the threat of ransomware during the pandemic-imposed stay-at-home mandate. It uncovers insights regarding DR strategies employed by companies and the shifts in the use of cloud DR compared to traditional approaches.

“Ransomware continues to dramatically plague businesses, and this research shows that businesses are even more concerned about it because of their newly distributed workforces resulting from the COVID-19 pandemic,” said Datrium CEO Tim Page. “The current pervasiveness of remote work puts businesses in a more vulnerable position as they are more open to increased targeting by ransomware criminals.”

Rampant Rise of Ransomware Places Businesses on High Alert during COVID-19

As businesses pivot their strategies to survive the economic downturn, the cost of a ransomware attack—which can be upwards of hundreds of thousands of dollars—can deal a severe blow to their bottom line.

• Nearly 96% of respondents said that their companies have become increasingly concerned about being hit with a ransomware attack during the COVID-19 pandemic. This marks an increase as compared to “The State of Enterprise Data Resiliency and Disaster Recovery 2019” study by Datrium, which found nearly 90% of companies consider ransomware a critical threat to business.
• The majority of respondents (68.5%) claimed that ransomware attacks have cost their companies between USD 100,000-USD 500,000 while 19.7% reported a loss of more than USD 500,000, including ransomware payment, downtime and lost business.

“At this challenging time, businesses are seeking ways to streamline operations and reduce costs. While ransomware comes with its own burden, the cost of a second data center for disaster recovery is not ideal. The pandemic is accelerating the move to cloud DR as companies find ways to adapt to a remote workforce,” said Page.

Ransomware Threat Makes Disaster Recovery a Top Priority for Businesses

The shift to a remote workforce and growing concern of ransomware has companies rethinking their disaster recovery and security strategies. A majority of respondents (92%) reported that disaster recovery has increased in importance at their company given their newly distributed workforces.

• Three in four respondents reported that their companies are concerned about ransomware during this time because:

• A remote IT team makes recovery more difficult (73.7%).
• A remote workforce makes it harder to enforce security protocols and increases the risk of attack (73.4%).

• Nearly half of respondents (48.1%) said they are concerned about the growing cost of ransomware; this cost includes ransomware payment, downtime and lost business.

A Cloud-Centric Approach to DR Tops Enterprise DR Strategies

The cloud offers a viable and accessible option for disaster recovery, making it possible to leverage on-demand cloud resources in a data disaster while keeping costs low. When asked what kind of disaster recovery approach businesses have in place, many respondents said that they currently or plan to leverage the cloud as part of their DR strategy.

• While 63.9% of respondents use on-prem primary storage as a DR site, 93.7% agreed they would be willing to adopt cloud DR if it could be paid for on demand in addition to protecting all data, including edge environments. This is an additional increase from “The State of Enterprise Data Resiliency and Disaster Recovery 2019” study which found that 88.1% of respondents said they would use the public cloud as their DR site if they would only have to pay for it when they need it.
• More than half of respondents (67.5%) currently use the cloud as a DR site.
• Nearly a quarter (21.2%) has a DR plan that doesn’t protect against ransomware.

“The research shows that on-demand and pay-as-you-go cloud DR is being increasingly recognized as a more efficient alternative to traditional DR approaches. This is no surprise as DR in the cloud offers flexibility with pay-as-you-go options that make DR painless and cost-efficient when responding to disasters,” added Page. “Ransomware and DR should continue to be top priorities for businesses planning for the ‘new normal’ as we come out of this pandemic. Those who are seeking the best approach for protecting against a ransomware attack should strongly consider a cloud DR technology that combines the functionality of primary storage, backup and recovery into a single-pane solution that enables speedy and easy recovery of data from the point of attack.”

Findings from the research are based on a survey of 302 IT professionals from organizations with over 500 employees or more that have experienced a ransomware attack in the last 12 months.