[pxc]

Companies spend a ton of money on very sophisticated, powerful, invasive, and expensive software to protect themselves against ransomware.

But the best antidote to many forms of ransomware isn't security software at all— it's offline backups.

Like so much in cybersecurity, an analysis by spending categories like this feels like vendors and their marketing teams driving the discourse. Even if we accept that dollars provide the right lens through which to look at this problem, companies that spend more on making sure they have good backups and good restore procedures aren't going to show up as spending more on cybersecurity in this kind of analysis.

[CodesInChaos]

The company losing access to the data is only one half of the ransomware thread. The other half is unauthorized parties gaining access to the data. Backups only protect against the former.

[pxc]

That's true, but the leakage component is characteristic of many kinds of breaches and not specific to ransomware. Likewise its defenses are not ransomware-specific.