Sophos: Damage to reputation prevents victims from reporting ransomware attacks

Reputational damage and impact on business are some of the factors preventing organizations from reporting any cyberattack to law enforcement agencies, according to a report by cybersecurity solutions provider Sophos.

Additional findings from Sophos’ annual “State of Ransomware 2024” survey show that 97% of those hit by ransomware over the past year, though not all, engaged with law enforcement and/or official government bodies for help with the attack.

While this is encouraging, the remaining 3% may have been further compromising their defenses even if they can defend their networks.

“Companies have traditionally shied away from engaging with law enforcement for fear of their attack becoming public,” said Chester Wisniewski, director, Field CTO, Sophos. “If they are known to have been victimized, it could impact their business reputation and make a bad situation worse.”

Wisniewski said victim shaming has long been a consequence of an attack, “but we have made progress on that front, both within the security community and at the government level.”

Cyber incident reporting regulations

Recent in-the-field findings from Sophos X-Ops’ Active Adversary report highlighted the continued threat of ransomware to small and medium-sized businesses. Data from more than 150 incident response (IR) cases in 2023 found that ransomware was, for the fourth year running, the most frequently encountered attack type, occurring in 70% of IR cases Sophos X-Ops investigated.

About 61% of survey respondents reported they had received advice on dealing with ransomware, while 60% received help investigating the attack. Fifty-eight percent (58%) of those that had their data encrypted received help from law enforcement to recover their data from the ransomware attack.

“New regulations on cyber incident reporting, for example, appear to have normalized engaging with law enforcement, and this survey data shows organizations are taking steps in the right direction,” said Chester Wisniewski, director, Field CTO, Sophos.

The report also found that more than half (59%) of those organizations that did engage with law enforcement found the process easy or somewhat easy. Only 10% of those surveyed said the process was very difficult.

“If the public and the private sectors can continue to galvanize as a group effort to help businesses, we can continue to improve our ability to recover quickly and gather intelligence to protect others or even potentially hold those conducting these attacks responsible,” Wisniewski said.


National Cyber Security