A global survey of 1,456 cybersecurity professionals conducted by Censuswide on behalf of Cybereason, a provider of an extended detection and response (XDR) platform, found nearly three-quarters (73%) of respondents admitted their organization was targeted by at least one ransomware attack in the last two years, with a quarter (25%) indicating that the attack had impacted their organizations’ operations.
Only about 22% of the respondents impacted by the attack admitted they paid a ransom to recover data. However, 80% of those organizations were hit by ransomware a second time, with 68% reporting the second attack came less than a month after the first. More than two-thirds of the victims that were attacked a second time (67%) also noted the ransom demand was higher than the first time they were victimized. Nearly 30% said they paid a ransom because of the risk to human life due to system downtime, 49% said the need to stem revenue loss convinced them to pay, and 41% cited the need to expedite recovery as the main driver for payment.
Nearly one-third (31%) of respondents were forced to temporarily or permanently suspend operations following a ransomware attack. More than half (54%) said that some or all of the data was corrupted during the recovery process. On average, losses ranged anywhere from $1 million to $10 million for 67% of respondents that said they were impacted. Nearly 40% said their organization laid off staff as a result of the attack. Just over a third (35%) said the breach resulted in C-level resignations.
Sam Curry, chief security officer for Cybereason, said the survey results made it clear that engaging with ransomware gangs is a losing proposition. Many will simply sell what they know about an organization’s vulnerabilities to another ransomware gang. The only effective ransomware defense is to ensure the right platforms, processes and people are in place to either prevent or at least limit the scope of a ransomware attack.
In general, most respondents (88%) said they remain confident they have the right talent in place to defend against ransomware attacks. However, 60% of respondents admitted that ransomware gangs were in their network up to six months before they discovered them. Nearly two-thirds (64%) of respondents that were breached said they believe the ransomware criminals breached their network via one of their suppliers or business partners.
A full 93% of respondents said their organizations now have a cyberinsurance policy in place, with 84% reporting that policy specifically covers ransomware attacks. Other measures being adopted include hiring additional cybersecurity talent (51%), security awareness training (50%) and cybersecurity technologies (47%).
Unfortunately, it doesn’t look like the current ransomware scourge will abate any time soon. There’s a lot of research underway that is focused on using machine learning algorithms to stop ransomware attacks in progress, but that may be years away from fruition.
In the meantime, ransomware gangs are becoming more proficient at both targeting specific victims and launching attacks at scale. Ransomware gangs are now even looking to hold entire countries, such as Costa Rica, hostage. Unfortunately, it’s still too easy for ransomware gangs to prevail. In many organizations, a simple mistake can have devastating consequences. The challenge now is to limit the amount of data that can be taken hostage during an attack as much as possible.