NEW YORK–(BUSINESS WIRE)–Semperis, the pioneer of identity-driven cyber resilience for enterprises, today announced the availability of its 2020 study “Recovering Active Directory from Cyber Disasters,” which is based on a survey of over 350 identity-centric security leaders. The report highlights the current state of cyber preparedness as it relates to recovering Microsoft Active Directory (AD) from ransomware and wiper attacks.
One of the most noteworthy findings in the study revealed that although 97% of organizations surveyed said that AD is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all. This discovery is alarming given the rise of fast-moving ransomware attacks and the widespread impact of an AD outage.
“The expanded work-from-home environment makes organizational identity a priority and also increases the attack surface relative to Active Directory,” said Charles Kolodgy, Principal at Security Mindsets. “As the Semperis survey points out, over 50% of organizations have no AD cyber disaster recovery plan or have not tested what they have. An AD failure resulting from a cyberattack caused by ransomware could be catastrophic to any unsuspecting or unprepared business.”
Key research findings:
- AD outages have a serious business impact. Almost every respondent (97%) said that AD is mission-critical to the business, and 84% said that an AD outage would be significant, severe, or catastrophic.
- AD recovery failure rate is high. Most respondents (71%) were only somewhat confident, not confident, or unsure about their ability to recover AD to new servers in a timely fashion. Only a tiny portion (3%) said they were “extremely confident.”
- AD recovery processes remain largely untested. Exactly one-third of organizations (33%) said they have an AD cyber disaster recovery plan but never tested it, while 21% have no plan in place at all. Out of the entire poll, just 15% of respondents said they had tested their AD recovery plan in the last six months.
- Organizations expressed many concerns about AD recovery, with the lack of testing being the number one concern. This includes organizations that have not tested AD recovery at all and those who have tried but failed.
“In today’s cloud-first, mobile-first world, dependency on Active Directory is rapidly growing and so is the attack surface,” said Thomas LeDuc, Vice President of Marketing at Semperis. One survey respondent even noted that a prolonged AD outage would be akin to a nuclear inferno. So, it’s clear that while organizations understand the importance of AD, they are a step behind in securely managing it, particularly as they support an expanding ecosystem of mobile workers, cloud services, and devices.”
As the gatekeeper to critical applications and data in 90% of organizations worldwide, AD has become a prime target for widespread cyberattacks that have crippled businesses and wreaked havoc on governments and non-proﬁts. In partnership with Semperis, the Identity-Defined Security Alliance (IDSA) included the following security guidance for AD in the latest iteration of IDSA Best Practices:
- Minimize Active Directory’s attack surface: Lock down administrative access to the Active Directory service by implementing administrative tiering and secure administrative workstations, apply recommended policies and settings, and scan regularly for misconfigurations – accidental or malicious – that potentially expose your forest to abuse or attack.
- Monitor Active Directory for signs of compromise and roll back unauthorized changes: Enable both basic and advanced auditing and periodically review key events via a centralized console. Monitor object and attribute changes at the directory level and changes shared across domain controllers.
- Implement a scorched-earth recovery strategy in the event of a large-scale compromise: Widespread encryption of your network, including Active Directory, requires a solid, highly automated recovery strategy that includes offline backups for all your infrastructure components as well as the ability to restore those backups without reintroducing any malware that might be on them.
To download “Recovering Active Directory from Cyber Disasters,” visit https://pages.semperis.com/recovering-ad-from-cyber-disasters/.
For information about Semperis AD threat protection and recovery, visit www.semperis.com.
Throughout 2020, Semperis surveyed identity and access management (IAM) leaders, IT security professionals, and C-level executives to capture top trends related to recovering Microsoft Active Directory from cyber disasters. Over 350 professionals took part in the survey, including respondents from seven major industry sectors, with Financial Services and Technology representing the most (28% and 19% respectively). The survey incorporated a wide range of business sizes, with 39% of respondents from enterprises with 5,000-25,000 employees, 26% from enterprises with 5,000 employees or less, and 19% from enterprises with over 50,000 employees.
Semperis is the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments. The company provides cyber preparedness, incident response, and disaster recovery solutions for enterprise directory services—the keys to the kingdom. Semperis’ patented technology for Microsoft Active Directory protects over 40 million identities from cyberattacks, data breaches, and operational errors. Semperis is headquartered in New York City and operates internationally, with its research and development team distributed between San Francisco and Tel Aviv.
Semperis hosts the award-winning Hybrid Identity Protection conference. The company has received the highest level of industry accolades; most recently being named Best Business Continuity / Disaster Recovery Solution by SC Magazine’s 2020 Trust Awards. Semperis is accredited by Microsoft and recognized by Gartner.