Survey highlights significant business impacts related to Active Directory outages and attacks

Published: Tuesday, 25 August 2020 06:32

Semperis, has announced the availability of its 2020 study ‘Recovering Active Directory from Cyber Disasters’, which is based on a survey of over 350 identity-centric security leaders. The report highlights the current state of cyber preparedness as it relates to recovering Microsoft Active Directory (AD) from ransomware and wiper attacks.

One of the key findings in the study is that although 97 percent of organizations surveyed said that AD is mission  critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all. This discovery is alarming given the rise of fast-moving ransomware attacks and the widespread impact of an AD outage.

"The expanded work-from-home environment makes organizational identity a priority and also increases the attack surface relative to Active Directory,” said Charles Kolodgy, Principal at Security Mindsets. “As the Semperis survey points out, over 50 percent of organizations have no AD cyber disaster recovery plan or have not tested what they have. An AD failure resulting from a cyber attack caused by ransomware could be catastrophic to any unsuspecting or unprepared business."

Other key findings:

“In today’s cloud-first, mobile-first world, dependency on Active Directory is rapidly growing and so is the attack surface,” said Thomas LeDuc, Vice President of Marketing at Semperis. “It’s clear that while organizations understand the importance of AD, they are a step behind in securely managing it, particularly as they support an expanding ecosystem of mobile workers, cloud services, and devices.”

In partnership with Semperis, the Identity-Defined Security Alliance (IDSA) included the following security guidance for AD in the latest iteration of IDSA Best Practices:

More details