In response to a growing cyber threat landscape, a pressing need has emerged for specialized data resiliency. Even the most prepared can find themselves caught in the crosshairs when data loss strikes.

This finding, among many others, are included in a recent Druva Inc.-commissioned industry survey with 500 chief information officers across 20 industries, carried out by IDC.

“Too many organizations were forced to pay the ransom, lost data or took excessively long to recover,” according to Phil Goodwin, research vice president at IDC. “Unfortunately, no one knows what they don’t know until it’s too late. Attacks come in unexpected ways, and cybercriminals have extensive experience in finding vulnerabilities. IT and business leaders must make a frank, honest assessment of their data resilience and cyber-recovery capabilities.”

Goodwin spoke with Lisa Martin, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the “Why Ransomware Isn’t Your Only Problem” event. In separate interviews, theCUBE industry analysts Dave Vellante and John Furrier (pictured) spoke with Druva’s W. Curtis Preston, chief technical evangelist; Stephen Manley, chief technology officer; and Anjan Srinivas, vice president and general manager of product management. They discussed how the survey’s findings affect the enterprise and Druva’s plans to innovate a growing data resiliency portfolio. (* Disclosure below.)

The facts around ransomware and digital resilience

At scale, enterprise cloud adoption has presented as something of a double-edged sword. On one hand, it allows companies unprecedented levels of agility, scalability and value delivery. On the other hand, it has greatly expanded the cybersecurity threat surface. In response, organizations are prioritizing the digital resiliency mentality.

“What we found in some of the research that we did is that about 77% of organizations have digital resilience as a top priority within their organization,” Goodwin explained. “What you’re seeing is organizations trying to leverage things to become more digitally resilient. Digital resilience is a term that we use to describe that function aimed at avoiding data loss, assuring data availability and extracting value from data.”

In a nutshell, data resilience is an inextricable subset of digital resilience and a foundational concept to the overarching IT resilience, according to Goodwin.

The IDC research found nearly 46% of organizations have suffered ransomware attacks in the past three years. The frequency of these attacks has wiped off the stigma associated with them, allowing something of a community approach to defending against attacks, Goodwin added.

“I really think that ransomware is one of those things that is here for the long-term and something that we have to address and have to get proactive about,” he said.

What’s more, the study uncovered a profound disconnect between organizational perceptions of cyberattack readiness and the realities on the ground.

“Eighty-three percent of organizations believe or told us that they have a playbook that they have for ransomware,” Goodwin stated. “I think 93% said they have a very high degree of confidence in their recovery tools and are fully automated. And, yet, when you look at the actual results, 46% have been attacked successfully. In separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom.”

Here’s the complete video interview with Phil Goodwin:

The recovery aspect of resilience

Data resilience has two elements: fending off attacks before they happen, and recovering from attacks when infiltration occurs. One major reason the latter is often ignored is that organizations simply don’t pay as much attention to their backup systems, according to Preston.

“I think that this long-running problem that’s existed as long as I’ve been associated with backups is the problem of nobody wanting to be the backup person,” Preston explained. “And people often just don’t want to have anything to do with the backup system. And, so, it sort of exists in this vacuum.”

With such a high fraction of affected companies in the study (around 67%) paying the ransom, these malicious actors are ultimately being incentivized to hack them yet again, Preston pointed out.

“The surest way to guarantee that you get reattacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time,” he added. “Everyone knows if you pay the blackmail, all you’re telling people is that you pay blackmail.”

With backup systems occupying such an important place in an organization’s recovery strategy and even serving as an attack vector themselves, their environments must exist entirely outside of the active directory.

“Backups have to be stored completely separate from your environment,” he explained. “The login and authentication and authorization systems need to be completely separate from your typical environment. If the production system is compromised, then the backup system is compromised. So you’ve got to segregate all of that,  and I just don’t think that people are thinking about that.”

Here’s the complete video interview with W. Curtis Preston:

Druva execs weigh in on key survey findings

While the threat of ransomware and other cyber realities identified in the survey are being taken seriously by most security stakeholders, one subtlety that makes the fight so difficult is the constant evolution, according to Manley.

“It’s not as if the threat was a static thing to just be solved and you’re done,” he explained. “Because the threat keeps evolving. It remains top of mind for everybody because it’s so hard to keep up with what’s happening in terms of the attacks.”

Another plausible enabling factor for the boom that cyberattackers seem to be enjoying is the prevalence of legacy tools and software, according to Srinivas.

“[Organizations] were not prepared for the advanced techniques that these ransomware attackers were bringing to market,” he explained. “It’s almost like these ransomware attackers had a huge leg-up in terms of technology that they had in their favor, while keeping the lights on meant keeping IT away from all the retooling that needed to happen.”

To answer the rampant problem of higher-ups panic-buying new sets of tooling with little thought about how they fit together, Druva technology is purpose-built to monitor all these tools for insights into anomalies, Srinivas explained.

Druva launched its Managed Service Provider program in mid-2021 with one premise: to empower managed service providers and accelerate their customers’ cloud transformation with a resilient, simplified data protection service. The company’s solution combines data protection with an as-a-service consumption model.

“What we are watching people do, and people do it successfully, is that as they have adopted Druva technology, which is ground-up built for the cloud and really built in a way which is driven at a data-insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really mitigating this ransomware,” Srinivas stated.

In summary, organizations need to sit back and look at how their threat defense infrastructures are built to support the solving of today’s rapidly-advancing cyber problems, according to Manley.

Here’s the complete video interview with Stephen Manley and and Anjan Srinivas:

Watch the complete event video below:

(* Disclosure: TheCUBE is a paid media partner for the “Why Ransomware Isn’t Your Only Problem” event. Neither Druva Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Image: SiliconANGLE