2022: Can companies mitigate increasing cyber risks?

  • Total ransomware costs in 2021 are predicted to be around US$ 20 billion.
  • Only 11% of organizations can recover data within 72 hours of a cyberattack.
  • Cohesity launches Security Advisor, enabling organizations to improve security posture and reduce cyber risks in an era of sophisticated ransomware attacks.

Cyber risks are expected to remain a major concern for organizations in 2022. While 2021 also saw an increase in cyberattacks, what disrupted most businesses were sophisticated ransomware attacks. Not only were these attacks harder to detect, but they also had a bigger impact on their victims.

Studies show that ransomware attacks soared 93% in the first half of 2021. With the increased incidence of cyberattacks, the threat of ransomware, and the potential for human error in administering cluster security, organizations need a fast, simple, and comprehensive way to assess their security posture and address any concerns quickly.

Some of the biggest ransomware attacks in 2021 included attacks on the supply chain network, as experienced by Colonial Pipeline and JBS. Other major cyberattacks in 2021 targeted tech companies like Acer and managed services provider Kaseya.

As cyberattacks target more industries, the cyber risks for those industries increase as well. According to statistics from Cybersecurity Ventures and Gartner, the predicted total ransomware cost in 2021 is US$ 20 billion. A typical ransomware attack causes 10 to 15 times more damage to an organization than the ransom demand.

Cyber risks are also a growing concern for the future because a ransomware attack is expected to occur every two seconds by 2031, compared to every 11 seconds today. The biggest effect of this is that only 2% of an organization’s disaster recovery efforts are aligned with business-defined recovery requirements.

“It is only going to get worse. Research shows that cybercrime damage is predicted to be worth US$ 10.5 trillion by 2025. And only 11% of organizations can recover data within 72 hours of a cyberattack. I think organizations must be prepared to recover. A lot of businesses cannot last a 72-hour downtime,” said Ravi Rajendran, Vice President for Cohesity Asia Pacific and Japan.

As such, sufficient backup and data management are now an imperative that companies cannot afford to ignore in dealing with cyber risks. Organizations need to be able to recover from any ransomware attack as quickly as possible. Any prolonged downtime could lead to severe repercussions.

Cohesity recently introduced Security Advisor, an addition to the company’s Threat Defense architecture that gives customers an easy way to improve their security posture in an era of increasingly sophisticated and damaging cyberattacks. The new feature helps reduce human errors and achieve a higher level of cyber resilience in customer environments that are managed through the Cohesity Helios data platform.

Security Advisor scans the customer’s Cohesity environment, including an array of security configurations, and considers a host of factors such as access control, audit logs, and encryption framework that are critical to protecting the security posture of the data cluster. Organizations then receive a score that tells them how they are performing against Cohesity’s best practice recommendations.

Additionally, companies are provided with recommendations on how to address potential risks and help keep their platform and data secure from bad actors — both internal and external — which can limit their exposure to cyber extortion.

Security Advisor complements Cohesity’s CyberScan application on the Cohesity Marketplace. CyberScan enables organizations to uncover cyber exposures and blind spots within their production environment by running on-demand and automated scans on backup snapshots against known vulnerabilities.

“Enterprises use an array of tools to generate and manage data, and each tool has its own security settings – making it difficult to review every setting and control access across all their disparate technology. This lack of visibility and control leaves IT environments vulnerable to cyberattacks,” said Brian Spanswick, chief information security officer, Cohesity.

Cyber risks in 2022 and beyond will only get more complicated and sophisticated. According to Christophe Bertrand, practice director, Data Protection for Enterprise Strategy Group, the firm’s recent research shows that ransomware is the top IT spending priority for 2022, and that ransomware preparedness is now a core business conversation at the executive level and in the boardroom.

“As cybercriminals become more aggressive and creative, against a backdrop of the cybersecurity skills shortage, organizations are struggling to maintain an optimal security posture,” he added.