Ransomware attacks may be an even larger problem than suspected and could be the tip of the proverbial iceberg. That’s according to the results of a new survey of IT professionals that was released today.
The 2021 State Of Ransomware Report from SpyCloud found that 72% of surveyed organizations were affected by ransomware in the past 12 month; 13% were affected 6-10 times and 5% were affected more than 10 times. According to SpyCloud, “This indicates that the magnitude of the problem may be bigger than many people think—and the high-profile attacks that make the news are but a sliver of the full scope of the problem.”
According to SpyCloud, “In 2020, ransomware rose to the top type of incidents, comprising 23% of all attacks analyzed by IBM Security researchers. Ransomware was also the root cause of 35% of data breaches disclosed publicly between January and October 2020.”
The survey of 250 IT professionals at U.S.-based organizations with at least 500 employees was conducted in August 2021.
Surprising Results
Prevention Issues
The survey found that the majority of organizations that were questioned lack the most basic forms of prevention. Despite seeing compromised credentials as a high risk for ransomware attacks, most organizations lack even the simplest practices for shoring up passwords and authentication.
Password Problems
David Endler, chief product officer and co-founder of SpyCloud, said, "We were surprised to discover how confident respondents were in their preparedness for ransomware attacks.” He noted that, “81% considered their security to be above average or exceptional, but 41% didn’t have password complexity requirements, and only 55.6% have implemented multi-factor authentication.
Critical Lack of Investment
“Budget does not appear to be the issue. Business leaders are willing to devote resources to mature cyber defenses, but there is a critical lack of investment in closing risky entry points before cybercriminals can infiltrate corporate networks,” he said.
Major Fundings
Other major findings of the survey include:
Higher Risks
Phishing emails and compromised credentials are the riskiest entry points. Respondents ranked phishing emails with infected attachments or links as the riskiest vector for ransomware attacks; weak or exposed credentials aren’t far behind.
People Problem
People are the greatest barrier to effective ransomware defense. Despite the rising costs of cybersecurity, budgets are the least of worries for organizations. The biggest hindrance is the lack of skilled security personnel, followed closely by low security awareness among employees.
Making Things Worse
The pandemic has exacerbated both the talent shortage and the human vulnerability in a remote environment. But the problem goes deeper than that – and requires organizations to find new ways to protect employees from themselves.
Ransomware Not Going Away Soon
Ransomware incidents aren’t going away anytime soon. At least not in the next 12 months, according to the survey findings. Only 18% of respondents believe a ransomware incident is not likely to happen at all in their organization in the next year, while 13% believe it’s very likely to happen at least once and 22% believe it’s very likely to happen multiple times.
Recent Actions By Biden Administration
As I wrote last month, the U.S. Treasury Department announced a series of steps aimed at combating the growing number of ransomware attacks. The attacks have created crisis situations for companies and organizations across the country, including Colonial Pipeline, a JBS meat processing plant, and a major agricultural cooperative.
The Treasury’s actions included:
- Attempting to disrupt criminal networks and virtual currency exchanges responsible for laundering ransoms.
- Encouraging improved cyber security across the private sector.
- Increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement.
Advice For Business Leaders
Two Key Factors
SpyCloud’s Endler said, “Prevention and vigilant monitoring are key to getting ahead of ransomware. Respondents agreed phishing emails and weak or exposed credentials were the greatest risk vectors, but organizations often failed to address these key entry points.
Investing In Prevention Is Critical
“Investing in continuous prevention and monitoring at all stages is critical, including urging better password hygiene among employees and deploying monitoring solutions to detect stolen credentials and reset them before criminals can use them to gain a foothold. Defending against ransomware is much easier when organizations can disrupt attacks early in the threat lifecycle, and to do that, businesses must be exponentially more vigilant,” Endler advised.
First Line Of Defense
“While people are businesses’ greatest vulnerability, they are also the first line of defense against ransomware. Business leaders must empower them with preventative measures to protect themselves and their companies,” he counseled.
"may" - Google News
October 19, 2021 at 05:15PM
https://ift.tt/3noR3kL
Ransomware May Be Bigger Problem Than Suspected According To New Report - Forbes
"may" - Google News
https://ift.tt/3foH8qu
https://ift.tt/2zNW3tO
Bagikan Berita Ini
0 Response to "Ransomware May Be Bigger Problem Than Suspected According To New Report - Forbes"
Post a Comment