Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge
A global survey of 2,547 IT and cybersecurity practitioners finds that 88% work for organizations that experienced one or more ransomware attacks, in a window ranging from the past three months to more than 12 months ago. Well over half (58%) had to shut down operations as a result, and 40% reported a significant loss of revenue.
Conducted by the Ponemon Institute on behalf of Illumio, the survey also finds 41% of respondents reporting that their organization lost customers. Additionally, 40% said those cyberattacks forced their organization to eliminate jobs. More than a third (35%) said their organization experienced significant brand damage from an attack.
On average, the ransom demanded was $1.2 million, and 51% admitted to having paid to recover their data. However, only 13% said they fully recovered all of their data.
Nearly three-quarters (72%) of those that experienced a ransomware attack did not report it to law enforcement. The top reasons given for not reporting were fear of publicizing the incident (39%), a payment deadline (38%) and fear of retaliation (38%).
Overall, the survey notes that ransomware attacks impacted 25% of critical systems, with systems being down for 12 hours on average. The survey also finds that, on average, it took 17.5 people allocating 132 hours each to contain and remediate their largest ransomware attack.
A full 44% said they lack the ability to quickly identify and contain attacks, with 49% identifying cloud computing services as being most vulnerable to ransomware attacks. More than a third (35%) said a lack of visibility across hybrid environments makes it difficult to respond to ransomware attacks.
Desktops and laptops are the most compromised devices (50%), with phishing and the Remote Desktop Protocol (RDP) cited as top entry points for ransomware.
Nevertheless, 54% of respondents said they have confidence in their organization’s ability to mitigate ransomware risk, with multi-factor authentication (MFA) and automated patching/updates being the top two technologies used to combat ransomware at 37% and 36%, respectively. Nearly a third of IT budgets (29%) are allocated to staff and technologies meant to prevent, detect, contain and resolve ransomware attacks, and 40% are confident in the ability of employees to detect social engineering lures, the survey finds.
More than half of respondents (52%) said unpatched systems are targeted for lateral movement, but only 27% have implemented network microsegmentation to contain the blast radius of an attack. Only 42% said their organization has specifically adopted artificial intelligence (AI) to help combat ransomware.
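To make the "blast radius" point concrete, the following added example (written for this page, not code from Illumio, Ponemon or the survey) models a default-deny microsegmentation policy and measures how many host/port pairs a compromised workstation can still reach, compared with a flat network. The zones, CIDR ranges, rules, flow records and host lists are all constructed for illustration; the RDP (3389) and SMB (445) ports are the lateral-movement services the article names or that a practitioner would expect.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical zone layout (constructed for this example, not from the survey).
ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "jump_hosts": ipaddress.ip_network("10.20.0.0/24"),
    "servers": ipaddress.ip_network("10.30.0.0/16"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    port: int


# Allowlist policy: anything not matched below is denied (default deny).
# RDP into workstations is permitted only from the jump-host zone, so a
# compromised workstation cannot RDP to its neighbours.
POLICY = [
    Rule("jump_hosts", "workstations", "tcp", 3389),
    Rule("jump_hosts", "servers", "tcp", 22),
    Rule("workstations", "servers", "tcp", 443),
]


def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone name, or None if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Default-deny: allow only flows matched by an explicit rule."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    return any(
        r.src_zone == src and r.dst_zone == dst and r.proto == proto and r.port == port
        for r in POLICY
    )


def parse_flow(line: str) -> Tuple[str, str, str, int]:
    """Parse a constructed flow record of the form 'src dst proto/port'."""
    src, dst, service = line.split()
    proto, port = service.split("/")
    return src, dst, proto, int(port)


def evaluate(lines: List[str]) -> List[Tuple[str, bool]]:
    """Return (flow line, allowed?) for each record."""
    return [(line, is_allowed(*parse_flow(line))) for line in lines]


def blast_radius(src_ip: str, hosts: List[str], services: List[Tuple[str, int]]) -> Tuple[int, int]:
    """Count (host, service) pairs reachable from src_ip under POLICY versus a
    flat network where every host can reach every other host on every port."""
    segmented = sum(
        1 for h in hosts for proto, port in services if is_allowed(src_ip, h, proto, port)
    )
    flat = len(hosts) * len(services)
    return segmented, flat


# Constructed flow records: a workstation attempting RDP and SMB lateral movement,
# and a jump host performing legitimate RDP administration.
SAMPLE_FLOWS = [
    "10.10.4.7 10.10.4.9 tcp/3389",    # workstation -> workstation RDP: denied
    "10.20.0.5 10.10.4.9 tcp/3389",    # jump host -> workstation RDP: allowed
    "10.10.4.7 10.30.1.20 tcp/443",    # workstation -> server HTTPS: allowed
    "10.10.4.7 10.30.1.20 tcp/445",    # workstation -> server SMB: denied
    "10.10.4.7 10.30.1.20 tcp/3389",   # workstation -> server RDP: denied
]

# Constructed inventory used for the blast-radius comparison.
SAMPLE_HOSTS = ["10.10.4.9", "10.10.4.10", "10.30.1.20", "10.30.1.21", "10.20.0.5"]
SAMPLE_SERVICES = [("tcp", 3389), ("tcp", 445), ("tcp", 443), ("tcp", 22)]

if __name__ == "__main__":
    for line, ok in evaluate(SAMPLE_FLOWS):
        print(f"{'ALLOW' if ok else 'DENY '} {line}")
    reachable, flat = blast_radius("10.10.4.7", SAMPLE_HOSTS, SAMPLE_SERVICES)
    print(f"compromised 10.10.4.7 can reach {reachable} of {flat} host/service pairs")
```

Under this policy the compromised workstation reaches only the two server HTTPS endpoints (2 of 20 pairs); on a flat network it would reach all 20, including RDP and SMB on every neighbouring workstation. Patching the unpatched systems still matters, but the policy removes the paths an intruder would use to get to them in the first place.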
Finally, 52% said having a full and accurate backup is a sufficient defense against ransomware.
Trevor Dearing, director of critical infrastructure for Illumio, said given the prevalence of successful ransomware attacks there is a disconnect between how cybersecurity budgets are being allocated and the technologies needed to actually thwart these attacks. Too much spending, for example, is still being allocated to defending network perimeters versus improving cyber resilience in a way that makes it easier for organizations to thwart and contain ransomware attacks.
The one certain thing is that these attacks are as damaging as ever, and they are not going away. As such, it is incumbent on every cybersecurity team to have a plan for responding to ransomware attacks that does not involve paying a million dollars or more to a cybercriminal syndicate that will only keep coming back for more.