A record 71% of organizations were impacted by successful ransomware attacks last year, according to a CyberEdge Group report, up from 55% in 2017. Of those that were victimized, 63% paid the requested ransom, up from 39% in 2017.
As to why more organizations today, like Colonial Pipeline, CNA Financial, and JBS Holdings, are paying ransoms, there are three explanations:
- Threat of exposing exfiltrated data. Most modern ransomware attacks not only encrypt compromised data, but also exfiltrate it. Failure to pay a ransom can result, and has resulted, in public exposure of highly sensitive data, to the embarrassment of the victims.
- Lower cost of recovery. Many organizations conclude that paying a ransom is significantly less costly than enduring the high cost of system downtime, customer disruptions, and potential lawsuits stemming from publicly exposed confidential data.
- Increased confidence for data recovery. 72% of ransom-paying victims recovered their data last year, up from 49% in 2017. This increased confidence for successful data recovery is often factored into the ransom-paying decision.
“These days, being victimized by ransomware is more of a question of ‘when’ than ‘if,’” says Steve Piper, CEO of CyberEdge Group. “Deciding whether to pay a ransom is not easy. But if you plan ahead, and plan carefully, that decision can be made well in advance of a ransomware attack. At the very least, a decision framework should be in place so precious time isn’t wasted as the ransom payment deadline approaches.”
People problems persist
Each year, CyberEdge asks respondents to rate potential inhibitors that prevent them from adequately defending their organizations from cyberthreats. This year, “lack of skilled personnel” and “low security awareness among employees” were the highest-rated concerns, as they have been for the last three years. In other words, the two biggest persistent problems are not budget or technology-related, but rather people-related.
According to this year’s report, 84% of responding organizations are experiencing a shortfall of skilled IT security personnel. IT security administrators (41%), IT security analysts (33%), and IT security architects (32%) are in greatest demand.
Additionally, too many organizations teach their employees how to evade email- and web-based cyberthreats when they’re hired but don’t follow up with additional, periodic training to reinforce those lessons learned. This oversight poses an enormous risk to organizations, as most data breaches stem from inadequately trained employees.
Additional key findings
The report yielded dozens of additional insights, including:
- Increased security spending. A whopping 83% of responding organizations are experiencing growth in their security budgets, up from 78% last year. The average security budget has grown by 4.6% in 2022, up from 4.0% in 2021.
- Hottest security tech for 2022. CyberEdge tracks current and planned investments by security organizations across five technology categories. Among the most sought-after security technologies in 2022 are next-generation firewalls (network security), deception technology (endpoint security), bot management (application and data security), advanced security analytics (security management and operations), and biometrics (identity and access management).
- This year’s weakest links. Mobile devices, industrial control systems/supervisory control and data acquisition (ICS/SCADA) devices, and Internet of Things (IoT) devices top this year’s list of the IT components that are most challenging to secure.
- Watch those APIs. Solutions to protect application programming interfaces (APIs) are embraced by nearly two-thirds (64%) of organizations.
- PII and credentials at risk. Among web and mobile application attacks, personally identifiable information (PII) harvesting and account takeover (ATO) attacks are the most prevalent and concerning.
- Hybrid cloud security headaches. “Detecting unauthorized application usage” (46%) and “detecting and responding to cyberthreats” (45%) top the list of hybrid cloud security challenges.
- Specialty certifications in demand. 99% of the research participants agreed that achieving an IT security specialty certification would boost their careers. Cloud security and software security topped the list of specialty certifications in highest demand.
- Integrating app and data security. “Improved cloud security posture” and “enhanced security incident investigations” were cited as the top benefits achieved by integrating application and data security into a unified platform.
- Protecting work from home (WFH). To safeguard employees working at home, security teams are relying on anti-virus and VPN products, as well as SD-WAN, network access control (NAC), and mobile device management (MDM) solutions.
- Embracing emerging technologies. The vast majority of organizations have embraced emerging security technologies such as SD-WAN (82%), zero trust network architectures (77%), and secure access service edge (SASE) (73%).