A recent survey of global cybersecurity leaders and decision-makers suggests that organizations are not as prepared for ransomware as they believe. While 84% of participants said they were concerned about the ransomware threat, 78% felt very or extremely prepared to stop or mitigate an incident. Yet many of these self-described well-prepared organizations had experienced a ransomware attack in the previous year.
Throughout 2022, the frequency of ransomware attacks continued to rise, although year-over-year growth slowed compared with 2021. Researchers recorded 10,666 new ransomware variants in the first half of 2022, twice as many as in the preceding six months. This growth has been driven by the rise of ransomware-as-a-service (RaaS) operations. Phishing remains the most common way attackers gain initial access to a network before deploying ransomware. Even with end-user training, a single employee’s lapse in judgment is enough to hand threat actors a beachhead inside the organization’s systems.
Notably, ransomware attackers are becoming more selective, targeting companies that promise a significant financial return. RaaS operators are also narrowing the pool of affiliates they work with, a shift from the early days of RaaS, when success depended on volume. Although 72% of organizations that experienced a ransomware incident detected it within hours or even minutes, 71% admitted to paying at least part of the ransom demanded. Even with cyber insurance, not all costs were covered, and only 35% of affected organizations fully recovered their data.
So why do organizations believe they are well prepared when the evidence suggests otherwise? The survey identified several key obstacles. Respondents cited the evolving threat landscape as the biggest challenge, which is the one factor genuinely beyond their control. The other issues they named, a limited understanding of how to secure networks, poor cybersecurity awareness among employees, the lack of a clear chain of command, and difficulty preventing social engineering attacks, are all within their control. This contradiction suggests that organizations are not prioritizing essential protections effectively.
To bridge this gap between perception and reality, organizations must focus on the factors they can control, including people, processes, and technology. A key takeaway from the survey was the importance of training employees and establishing effective procedures. While the security team plays a vital role in keeping the organization secure, every employee has a part to play in thwarting attackers. Ongoing cybersecurity awareness education and training programs are essential components of any risk management plan.
The survey also highlighted the limitations of relying on individual security products. Respondents who took a point-product approach were more likely to report falling victim to ransomware. A holistic approach is needed instead, one that integrates technologies, raises employees’ cybersecurity awareness, and establishes clear protocols.
In conclusion, the gap between perceived and actual ransomware preparedness is a significant challenge for organizations. Concern about ransomware is growing, but many organizations are not as prepared as they believe. To close this gap, organizations must invest in essential protections, prioritize employee training, establish clear protocols, and take a holistic approach spanning people, processes, and technology. Only then can they effectively safeguard their networks and data against ransomware.

