As the gatekeeper to critical applications and data in 90% of organizations worldwide, Microsoft Active Directory (AD) has become a prime target for widespread cyberattacks that have crippled businesses and wreaked havoc on governments and non-profits.

This report is based on a survey of over 350 IT security professionals from mostly midsize and large firms across seven major industry sectors. The goal is to understand the state of cyber preparedness as it relates to recovering AD from ransomware and wiper attacks. Semperis chose this topic for several reasons:

  • The threat landscape is rapidly changing: Back in 2015, Microsoft estimated that 95 million AD accounts were under attack every day. Fast forward to today, and COVID-19 has dramatically changed the workplace. In our cloud-first, mobile-first world, dependency on AD has rapidly grown—and so has the attack surface.
  • Ransomware attacks are incredibly costly: Ransom payments encourage additional attacks, fund terrorism, and do not come with any guarantees. But the alternative is often even more expensive, with global ransomware damages projected to reach 20 billion USD by 2021.
  • Organizations are woefully unprepared: In a widespread outage, you must recover AD before you can recover your business. But according to a poll by the SANS Institute, only one in five organizations have a tested plan in place for recovering AD after a cyberattack.