A new global survey that shows that organizations are largely unprepared for ransomware attacks on their data stored in SaaS platforms. Conducted by Odaseva, an enterprise data protection platform for Salesforce, it also found that only half of organizations impacted by an attack on SaaS Data could fully recover.

Attacks on SaaS data are an increasingly common cybersecurity target and they succeed in encrypting SaaS data half the time, leaving only half of the victims able to fully recover. Differentiating from other ransomware studies, the survey queried senior data professionals at enterprises of at least 10,000 employees.

Ransomware attacks are successfully targeting both SaaS and cloud data. 

• The survey reveals that almost half (48 percent) of organizations have experienced a ransomware attack over the past 12 months; SaaS data was the target of more than half of them (51 percent)
• Data in public infrastructure clouds such as Amazon Web Services, Microsoft Azure, and Google Cloud was the top target; endpoints, such as laptops and mobile devices, (61 percent) and on-premises data (56 percent) came in second and third, respectively
• Ransomware attacks on SaaS data were the most likely to be successful, with 52 percent of them penetrating enterprise defences to encrypt the data
• Attacks targeting data in public infrastructure clouds were only successful 42 percent of the time
• On-premises and endpoint data attacks were successful 46 percent and 51 percent of the time, respectively

Only half of enterprises fully recover from ransomware attacks on SaaS data.

• Only half (50 percent) of organizations whose SaaS data was successfully attacked were able to fully recover their data, the lowest rate of all environments, highlighting the urgent need for enterprises to implement an effective SaaS data protection solution
• More than eight in 10 (81 percent) organizations were able to recover all their data from a successful attack on on-premises data; just over half were able to fully recover endpoint (55 percent) and public cloud (53 percent) data

Most enterprises do not fully back up all their SaaS data. Although all companies reported they had some form of SaaS backup, only 43 percent said they backed up all of their SaaS data, which leaves 57 percent of companies at least partially unprotected. Similarly, 59 percent of enterprises don’t protect all of their data in public infrastructure clouds.

Unsurprisingly then, managers and executives at only 28 percent of organizations are “very” confident about their ability to recover after a cloud or SaaS ransomware attack, with 69 percent saying they are “somewhat” confident.

“Especially given how heavily modern enterprises depend on SaaS and cloud apps and data, it was shocking to see that the majority of organizations are not protecting all of their data, leaving it unprotected against a ransomware attack,” said Remy Claret, CMO and co-founder at Odaseva. 

Complex data recovery processes are the number one concern for protecting SaaS data. When asked why they are concerned about their ability to recover, organizations are most concerned that their recovery process for SaaS data is so complex, they could not get up and running quickly following a successful attack (69 percent). They are also concerned that a single user becoming infected could sync the malware into the entire system (56 percent).

Regarding vectors of attack on SaaS data, their top concerns are stolen user credentials (67 percent) and malicious or vulnerable third party apps (58 percent).

“As companies increasingly turn to SaaS applications to run mission-critical business processes, cybercriminals have taken note,” Claret said. “SaaS data is targeted in more than half of all ransomware attacks and half the time these attacks are successful. Organizations need to protect their SaaS data with comprehensive backups, but just as important, they need to ensure they are able to recover that backed up SaaS data quickly enough to avoid damage to the business.” 

The survey was commissioned by Odaseva and fielded by Dimensional Research in August 2022. Independent sources of data stakeholders were invited to participate, resulting in responses from 157 executives or team managers with decision making responsibility for public cloud and SaaS environments from North America, EMEA, and APAC completed the survey. All had decision making responsibility for data solutions for both IaaS and SaaS cloud environments. All worked for a company with more than 10,000 employees. 

The full report, “The State of SaaS Ransomware Attack Preparedness,” can be downloaded from Odaseva here (No registration required).