As ransomware flourishes and attackers’ techniques get more sophisticated, organizations of all sizes and industries are targets. For this reason, security leaders must immediately invest in the appropriate technologies, people and processes to avoid a ransomware attack in the future.
Yet, when it comes to ransomware protection, there’s a delta between perception and preparedness. In other words, many organizations think they’re more prepared than they really are. Let’s look at this delta and what’s behind it: namely, that organizations aren’t always prioritizing essential protections.
Examining the realities
In a recent survey of global cybersecurity leaders and decision-makers, 84% of participants stated they were very or extremely concerned about the threat posed by ransomware, which is an increase over the 76% of participants who expressed the same degree of concern in 2021. Although there’s a significant amount of fear, 78% of respondents felt very or extremely prepared to stop or mitigate a ransomware incident.
Interestingly, here’s where feeling and reality diverge. Half of those polled who said they were well-prepared experienced a ransomware attack in the previous year, and almost half had two or more attacks.
Following the meteoric rise of this attack tactic in 2021, year-over-year ransomware growth decreased in 2022, although its frequency continues to increase. For instance, our researchers recorded the launch of 10,666 new variants in the first half of 2022, which is twice as many as were recorded in the preceding six months – largely driven by ransomware-as-a-service (RaaS) operations.
Not surprisingly, phishing is still the most popular method bad actors use to enter a network and execute a ransomware attack. Unfortunately, even with the end-user training organizations may provide, all it takes for threat actors to establish a beachhead is one employee’s error in judgment.
Attackers are also pickier now, concentrating on companies that can offer a significant financial return. RaaS operators are gradually becoming more selective about the affiliates they allow to work for their operations. This contrasts with RaaS’s early success, which initially depended on volume: more affiliates meant more opportunities to breach networks and execute attacks.
Even though 72% of the firms that had a ransomware incident said they discovered it within hours (sometimes within minutes), 71% said they paid at least some of the demanded ransom. Even though almost all the participants had cyber insurance, it didn’t ensure that all costs would be covered or that the data would be returned. In fact, just 35% of firms that were hit by ransomware were able to fully retrieve their data.
Digging into the why
It’s easy to understand why many organizations believe they’re prepared; the survey showed that most are actively working to guard against ransomware. However, the reality is that many aren’t prioritizing essential protections.
For the second time, respondents cited the evolving threat landscape as their greatest obstacle to stopping attacks, an element beyond their control. Yet the runner-up issues (a lack of understanding of how to properly secure their networks from a ransomware attack, a lack of employee cybersecurity awareness, a lack of a clear chain of command, and difficulty preventing employees from being duped by social engineering) all concern people and processes. Those are elements within their control, and they contradict the respondents’ sense of being ready for a ransomware attack.
Flipping the script
How can organizations make reality more closely resemble perception? That is, how can they make their networks and data safer from ransomware? One key takeaway is that there needs to be more focus on the factors that organizations can control, which are those that involve people and processes – and of course, technology.
Although many security leaders have long believed that selecting the best individual product for each specific need results in the strongest cybersecurity, the survey data shows that the organizations that said they use a point-product approach were the most likely to be victimized by ransomware.
It’s impossible to overemphasize how crucial it is to train your staff and establish effective procedures. While the security team is ultimately in charge of keeping a business secure, keep in mind that every employee has a part to play in thwarting attackers. Because employees are frequently an organization’s first line of defense against attacks, continuing cybersecurity awareness education and training programs are an essential component of your risk management plan.
Bridging the gap: Prioritizing ransomware protection
The delta between perception and preparedness for ransomware protection poses a significant challenge for organizations. Cybersecurity leaders are obviously concerned about the ransomware threat, but it’s interesting to observe the disconnect between the perception of preparedness and the reality of their vulnerability. The rise of sophisticated ransomware attacks, such as those facilitated through phishing, has exposed the limitations of traditional security measures.
To bridge this gap, organizations must prioritize essential protections by investing in technologies, enhancing employees’ cybersecurity awareness, establishing clear protocols, and embracing a holistic approach that encompasses people, processes and technology. By doing so, organizations can effectively safeguard their networks and data.