Ransomware resilience steps all companies should consider
Sponsored

James Blake

Global Head of Cyber Resiliency GTM Strategy, Cohesity

As ransomware attacks surge, businesses must prioritise resilience, focusing on rapid recovery and adaptive strategies to survive disruptions.


As the frequency and sophistication of ransomware attacks increase, businesses across the globe are being forced to rethink their approach to security. Cyber-attacks have evolved into an entire industry, with ransomware-as-a-service (RaaS) platforms providing a ready-made toolkit.

Evolution of ransomware

Businesses can no longer view cyberattacks as a possibility. They must recognise them as an inevitability, says James Blake, global head of cyber resiliency at data security software firm Cohesity.

What sets these cybercriminals apart is their ability to weaponise vulnerabilities within days of their discovery. While businesses might take weeks, maybe months, to patch a critical vulnerability, threat actors can exploit it within four days.[1]

“I used to be focused on protection and detection, but I now believe you cannot stop these attacks — the motivation is too high and the attack surface too wide,” says Blake. “We’ve got to build a way to deal with them as business-as-usual.”

Not just an IT problem

Many companies may still see cyberattacks as just an IT issue, like a disaster recovery problem that can be handled similarly to a power outage or hardware failure. However, a ransomware attack is far more complex, requiring not just IT but also security teams, leadership and external stakeholders such as law enforcement, insurers and regulators.

What vulnerability did the attackers exploit? Have persistence mechanisms been installed to allow them to return? Did the backup data already have vulnerabilities? These are critical questions that IT teams cannot answer alone.

Ransom payment fallacy

Amid the rise in ransomware attacks, one statistic is particularly troubling: 59% of businesses had paid a ransom in the previous year. The costs can be staggering: companies paid an average of £890,000. This highlights a fundamental misunderstanding of what happens after an attack. First, the recovered data is rarely fully intact. In fact, only about 4% of organisations that pay a ransom recover all their data, and the average recovery rate is just 86%.[2]

More alarmingly, paying a ransom can have legal consequences. In the US, paying sanctioned ransomware operators can result in a 30-year prison sentence for executives, with similar penalties elsewhere. Moreover, even after paying, there is no guarantee that your data won’t be exfiltrated or leaked. Many organisations that pay the ransom are hit again by the same or different groups — because paying emboldens criminals.[3]

Advanced recovery via ‘clean room’

A promising development is the introduction of the ‘clean room’ concept: an isolated environment, completely separated from a company’s IT infrastructure, which holds essential resources such as contact lists, workflows and ‘gold master’ images of critical systems that are guaranteed to be malware-free.

The clean room enables businesses to communicate — whether with law enforcement, insurers, incident response teams or regulators — within hours, if not minutes. It’s essentially a disaster recovery plan for your disaster recovery plan.

The clean room goes beyond basic recovery; it helps companies pre-emptively address future threats. This allows the company to not only recover but also prevent the same type of attack from happening again.

Data management and cybersecurity: a critical partnership

Many companies may underestimate the power of their own backups, which offer a trove of information that can help businesses understand how an attack occurred and how to prevent future incidents.

While backup data might not seem “sexy” in the world of cybersecurity, it offers a passive, untouchable source of insight, providing a means to track changes, identify vulnerabilities and build a proactive defence, says Blake.
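One concrete way backups become that source of insight is to diff the manifests of two backup points and flag changes in locations that matter for the "have persistence mechanisms been installed?" question raised earlier. The following is an added example, not code from the article or from Cohesity; it assumes each backup point exposes a manifest mapping file path to (sha256, mtime), and the manifests and the watched path prefixes are constructed for illustration.

```python
"""Diff two backup snapshot manifests (added example, not the article's or
Cohesity's code). Assumes each backup point exposes a manifest mapping
path -> (sha256, mtime); the manifests and watched paths below are constructed."""
from dataclasses import dataclass, field

# Constructed manifests for two consecutive backup points.
SNAPSHOT_BEFORE = {
    "/etc/crontab": ("aaa111", 1700000000),
    "/usr/bin/ssh": ("bbb222", 1690000000),
    "/home/alice/report.docx": ("ddd444", 1700100000),
}
SNAPSHOT_AFTER = {
    "/etc/crontab": ("eee555", 1700200000),   # content changed
    "/usr/bin/ssh": ("bbb222", 1690000000),   # unchanged
    "/etc/systemd/system/update.service": ("fff666", 1700200100),  # new file
    # /home/alice/report.docx is no longer present
}

# Locations a change must touch to survive a reboot (assumed watch list).
PERSISTENCE_PREFIXES = ("/etc/cron", "/etc/systemd/system", "/etc/rc", "/etc/ssh")

@dataclass
class SnapshotDiff:
    added: list = field(default_factory=list)
    modified: list = field(default_factory=list)
    removed: list = field(default_factory=list)
    persistence_hits: list = field(default_factory=list)  # subset of added+modified

def diff_snapshots(before, after):
    """Classify every path by hash, then flag changes in persistence-sensitive places."""
    d = SnapshotDiff()
    for path, (digest, _mtime) in after.items():
        if path not in before:
            d.added.append(path)
        elif before[path][0] != digest:
            d.modified.append(path)
    d.removed = [p for p in before if p not in after]
    d.persistence_hits = sorted(
        p for p in d.added + d.modified if p.startswith(PERSISTENCE_PREFIXES)
    )
    return d

def last_clean_index(snapshots):
    """Index of the newest snapshot taken before a persistence-sensitive change
    appears (time-ordered input): a restore candidate to review, not proof of cleanliness."""
    for i in range(1, len(snapshots)):
        if diff_snapshots(snapshots[i - 1], snapshots[i]).persistence_hits:
            return i - 1
    return len(snapshots) - 1
```

The same pairwise walk, run across a full retention chain, gives the responder a shortlist of snapshots to examine before choosing a restore point rather than trusting the most recent one by default.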

“As Mike Tyson famously said, ‘everybody has a plan until they get punched in the mouth’ — it’s the same with ransomware,” adds Blake. “You can have the best planning in the world, but there’s still going to be things you can’t control. Attackers are always changing their methods; businesses have to be flexible and adaptable.”


[1] Akamai, 2024
[2] Cohesity Global Cyber Resiliency Survey Report, 2024
[3] Ransomware: the true cost to businesses 2024, Cybereason, 2024
