ITWeb, in partnership with Veeam, conducted a survey on just how prepared businesses in SA and Africa are to recover from a ransomware or cyber attack, as well as the resources they have at their disposal to help them recover.
A total of 208 valid responses were captured, with 64% of respondents being at executive or middle management level. While 32% of respondents came from the IT sector, 18% from government and 15% from financial services, the remaining 35% come from a wide range of major industry sectors.
Here are some of the key findings:
- The top three sources of information about cyber threats and attack techniques cited by respondents are: Insights shared by internal security and backup teams (65%); Third-party threat intelligence services (52%); and Security vendor briefings and reports (52%).
- The majority of respondent organisations (87%) conduct regular security assessments on their backup infrastructure to detect vulnerabilities and potential threats. Of those that don’t, 8% plan to start doing so.
- 77% of survey respondents use backup data as an additional layer of defence to scan for indicators of compromise, malware or other threats.
- The biggest cause of business downtime was cited as power outages (38%), followed by hardware failure (24%) and cyber-attacks (17%) .
- Assuming a worst-case scenario where all systems are affected, respondents were asked how long it would their organisation to restore full operations. Almost half (49%) said they could restore in under 24 hours, while a third (35%) said between one and three days.
- The majority of respondents (83%) were confident of their ability to recover from a ransomware attack.
- The top three actions taken by respondent organisations to protect against ransomware are: regular data backups (83%); employee training on phishing and malware (75%); and implementing endpoint protection such as anti-ransomware tools (71%).
- Respondents were asked what resources their organisation had in place for response and recovery in the event of a ransomware or cyber-extortion incident. 60% said they had an internal incident response team, 18% had an external incident response provider that was retained independently, 8% said they had no established resources and would seek assistance as and when needed, and 7% had an external incident response services provided through their cyber insurance policy.
- Half of respondents (48%) had a cyber insurance policy that includes incident response and negotiation support, 14% have this as an optional add on, 13% said incident response and negotiation weren’t included as part of their cyber insurance policy.