Organizations Have Plans to Recover from Ransomware Attacks, but 82% Don’t Adequately Back Up Data for Successful Recovery

Even as IT professionals focus more on data security policies, most do not follow data backup best practices, putting organizations at risk 

POWAY, Calif., May 17, 2022 /PRNewswire/ — Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced new findings from the Apricorn 2022 Global IT Security Survey, which revealed that while the majority organizations have data backup plans in place, data for many are at risk. Apricorn surveyed nearly 400 veteran IT security practitioners in industries such as healthcare, IT, education, financial services and manufacturing about security practices around remote and hybrid work, focusing on data resiliency—the availability to access and resuscitate corporate data in the event of a ransomware occurrence or other cybersecurity attack.

Most respondents (93%) say they have a ransomware readiness plan, but significant knowledge gaps exist with regard to adequate backup and cyber resilience practices. A full 26% view the cloud as too risky for data backup, but only one in three back up to both the cloud and to encrypted hardware storage devices. Eighty-two percent want their organizations to require encrypted hardware USB usage, but only 34% have mandated such a policy. Additionally, only 20% back up in real time, and only 18% employ the long-established best practice for backup: the 3-2-1 method.

"Data loss events—from natural disasters to technology failures to cyberattacks—are an ever-present danger for organizations across all industries," said Kurt Markley, U.S. Managing Director, Apricorn. "Now, the increasing threat of cyberattacks underscores the need for increased data protection. If organizations do not have an adequate data backup strategy in place and have not been successfully attacked, they are lucky—not secure or resilient. Having data backed up in only the cloud or only offline is not sufficient. Organizations should be following the 3-2-1 rule, in which they keep at least three copies of data stored on two different pieces of media, one of which is off-site. Following this rule with a combination of cloud and hardware encrypted storage gives organizations the best chance for full data recovery."

Two years into the pandemic, 81% of respondents agree that remote and hybrid work are now standard practices within their organizations, noting that all typical security policies are the same regardless of work locations. However, 20% are not circling back to address security holes that exist as a result of the rapid changes made to accommodate work-from-home and remote work policies at the start of the pandemic. And while many respondents noted that they have gone back to address their initial remote work security practices, there are still significant fixes that need to be addressed in order to truly consider their organizations – and their data – resilient. Of the 80% that are going back to address pandemic-rushed policies, only 41% are addressing integration and enforcement of new technologies such as external USB storage devices, hardware storage and encryption. And only 34% have put a policy in place to mandate encrypted USB storage devices for protecting data on the move.

"Hybrid work environments are the new normal, and organizations must stress the importance of protecting data on the move," added Markley. "Data backups are not the sole responsibility of IT administrators. All employees need to take part in backing up data, and following policies to ensure its security. It’s alarming that after two years, so many employees and organizations have yet to adopt adequate remote work security policies."

Among those surveyed, 25% of respondents noted that the strict hybrid work policies they put in place are not being adhered to by employees, despite 82% of them continually reinforcing those policies to employees. Additionally, 60% of respondents do not back up their data or devices in advance of working remotely – further weakening their organization’s data resilience. While many organizations have considered backup and resiliency initiatives, as well as ransomware readiness, more needs to be done to strengthen them. 

Background info:
Apricorn surveyed nearly 400 (397) IT security practitioners across the globe over a two week period from March 21April 4, 2022. The respondents are experienced or veteran IT security professionals: 83% of respondents have more than five years working in security IT, with 45% of them working in the field for 16 – 20 years. They cross the gamut of vertical industries, with the top five verticals representing healthcare (14%), IT (14%), Education (14%), Financial Services (10%) and Manufacturing (10%). With regard to their role in their organization’s IT decision making, 64% either help make the final decision or are the sole decision makers. Additionally, more than a third (34%) of respondents work at large organizations with more than 3,000 employees.

About Apricorn
Apricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout North America and EMEA. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products and patents have been developed under the Apricorn brand as well as for a number of leading computer manufacturers on an OEM basis.

Media Contact
Sarah Hawley
Origin Comms
t. +1 480.292.4640
e. [email protected] 

SOURCE Apricorn