As ransomware evolves, companies whose core business is backup solutions appear to be speaking more loudly about countermeasures beyond security.

They cite the growing strategic value of backups in minimising ransomware damage. Cohesity, which emerged as a major player in the global backup market after acquiring Veritas, is also putting cyber resilience at the centre and accelerating an expansion of backup-focused ransomware response solutions. The company says that if backups are properly done, resilience can be sharply improved even after an attack.

Kit Beall (킷 벨), Cohesity chief revenue officer, said, "Attackers these days focus first on destroying backup systems. They even recruit backup specialists to mount attacks." He added, "Simple backups have limits, and multi-backup is becoming the basic strategy. In addition to general backups, Cohesity also supports storing data off site without network connections and in tamper-proof storage."

Cohesity recently released results of a survey on a cyber resilience grid of 3,200 IT and security leaders globally, including about 200 companies in South Korea.

The survey found that the financial impact of cyberattacks is now extending beyond operations to affect board decision-making, financial planning and overall growth strategy. Among South Korean listed companies, 58 percent (70 percent globally) revised earnings forecasts or financial guidance after an attack, and 58 percent (68 percent globally) experienced share price declines due to cyberattacks.

Among South Korean unlisted companies, 74 percent (73 percent globally) cut innovation and growth budgets and used them for recovery and remediation after an attack. In South Korea, 95 percent of companies (92 percent globally) experienced legal and regulatory penalties such as fines and lawsuits after a cyberattack.

Looking more closely at South Korean companies, 72 percent of surveyed companies experienced damage from attacks. Cohesity says it is a bigger figure than expected.

Among surveyed companies, 44 percent had been attacked in the past 12 months and 16 percent experienced repeated attacks multiple times. The damage was significant. Some 91 percent suffered revenue losses and 49 percent lost customers. It also found that 88 percent of companies hit by ransomware paid money over the past year to resolve the problem.

South Korean corporate IT managers face relatively heavy pressure from executives when a cyberattack occurs. As a result, scenes of wrong decisions are often produced. Lee Sang-hoon (이상훈), head of Cohesity Korea, said, "Unlike other countries, South Korea's biggest problem was management pressure that induces inappropriate decision-making." He said, "46 percent have experienced management pressure to restore systems before an attack is fully resolved."

Cohesity said the message it wants to stress from the survey is that response and recovery are as important as prevention and detection when it comes to cyberattacks. From a resilience perspective, response and recovery are becoming increasingly important, but South Korean companies place relatively greater weight on prevention and detection.

Lee said, "It is time to strengthen resilience. Hackers are recruiting backup specialists as well as security experts. If they infiltrate and infect the data backup system, you are helpless." He said, "The moment an Active Directory (Active Directory, AD: a system that centrally manages corporate users and PC and server accounts, permissions and logins) account is breached, all the IDs and passwords in it are exposed." For reference, AD is a system that centrally manages corporate users and PC and server accounts, permissions and logins.

According to Cohesity, it used to be no big deal where data was stored, but that has changed. Whether it is on-site (a company's own data centre or infrastructure) or in the cloud, and whether the cloud region is in South Korea, is becoming important. Even if a backup is made, it is not reassuring if the backup system is connected to the network. With hackers attacking by recruiting backup specialists, securing backup system accounts is no longer an impossible scenario. One time is not enough, and three rounds of backups are needed.

Lee said, "If the network is physically disconnected, there is nothing hackers can do." He said, "For this, Cohesity provides Air Gap technology." He added, "It also provides immutable technology that makes tampering impossible once data is written." He said, "Again, backups are the last line of defence. If backups alone are safe, recovery is possible."

Cohesity also examined the impact of AI on resilience in the survey. The survey found that as companies integrate various forms of AI into day-to-day operations, many are struggling to manage the speed and scale of adopting generative AI. In South Korea, 86 percent of respondents (81 percent globally) said they were concerned that "the pace of generative AI development is outstripping our ability to respond to risks." At the same time, most companies recognise that generative AI has significant potential to improve detection, response and recovery capabilities.

Sanjay Poonen (산제이 푸넨), Cohesity CEO, said, "Organisations face a paradox between advances in AI and security." He said, "AI will fundamentally change nearly every aspect of business operations. However, the survey results show that most IT leaders are concerned that the pace of AI adoption is outstripping their organisation's risk tolerance." He added, "To move forward in this paradoxical situation, trustworthy, protected and resilient AI-ready data must be the foundation. This is a core foundation of the infrastructure for implementing responsible AI, enabling organisations to confidently pursue innovation without expanding risk exposure."