Cybersecurity shock: A whopping 83% of ransomware-hit firms paid ransom at least once

Cost of cybersecurity: 83% of ransomware-hit firms paid ransom at least once

  • An alarming 83% of the individuals who were targeted admitted to having paid the ransom on at least one occasion.
  • The data reveals a link between cybersecurity debt and occurrences of ransomware incidents.

The debate over whether organizations should pay ransoms in ransomware incidents often centers around the importance of promoting cybersecurity awareness. Last week, news emerged about Australian financial company Latitude Group Holdings, which announced its decision not to succumb to criminals’ ransom demands following a cyberattack the previous month. They asserted that doing so would harm customers and the broader community by encouraging more attacks.

While a few companies may have followed Latitude’s example by refusing to pay ransoms, a striking 83% of those who fell victim admitted to paying the ransom at least once, according to ExtraHop’s 2023 Global Cyber Confidence Index: Cybersecurity Debt Drives Up Costs and Ransomware Risk report.

The study, contrasting IT leaders’ cybersecurity practices with the actual attack landscape, revealed a significant rise in ransomware incidents – from an average of four attacks over five years in 2021 to four attacks within just one year in 2022.

The costs of data breaches continue to increase yearly. Ransomware payments are also not getting any cheaper, especially with most ransoms being paid in cryptocurrency. Businesses will eventually realize that paying a ransom costs a lot more than implementing and improving their cybersecurity. Backup and data recovery services need to be prioritized, along with raising cybersecurity awareness among employees.

As organizations face a growing number of attacks, the data shows they are overwhelmed by cybersecurity debt – unresolved security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, and insecure network protocols that serve as entry points for malicious actors.

Apart from that, most organizations have not moved on from outdated cybersecurity practices and lack good cyber hygiene. Neither may be the major cause of ransomware, but both are contributing factors that make it easier for cybercriminals to launch cyberattacks.

Ransomware threats expose flaws in outdated cybersecurity practices

Outdated cybersecurity practices involve using old or obsolete security measures that no longer effectively protect digital assets and information systems. These practices may include weak passwords, lack of multi-factor authentication, failure to update software, and inadequate employee training on current cyber threats.

In the ASEAN region, particularly in Singapore, Malaysia, and Indonesia, approximately 75% of respondents indicate that outdated cybersecurity practices have contributed to at least half of their organization’s cybersecurity incidents.

Relying on outdated cybersecurity practices leaves organizations vulnerable to cyberattacks, data breaches, and financial losses, emphasizing the importance of regularly updating security protocols and staying informed about evolving threats.

The lack of basic cyber hygiene

The study identified considerable gaps in organizations’ fundamental security practices. Insufficient cyber hygiene, which may involve neglecting software updates, using weak passwords, not enabling multi-factor authentication, and failing to provide adequate employee training on emerging cyber threats, can leave organizations vulnerable.

The research found that 98% of respondents are running one or more insecure network protocols, a six percent increase from 2021. Despite urging from leading technology vendors to retire SMBv1, which contributed significantly to the widespread WannaCry and NotPetya attacks, 77% of organizations still use it in their environments.

Regarding unmanaged devices in Singapore, Malaysia and Indonesia, 57% of respondents report that some critical devices can be remotely accessed and controlled. In comparison, 48% indicate that their critical devices are exposed to the public internet.

The lack of proper cyber hygiene exposes organizations to cyberattacks, data breaches, and financial losses, emphasizing the need for consistent maintenance and security updates to protect against ever-evolving threats.

Cloud security is more important than ever

As organizations increasingly migrate mission-critical applications and sensitive data to the cloud, monitoring cloud workloads has become more crucial than ever. With heightened attention to their cloud environments, 72% of respondents expressed complete or significant confidence in the security of their organization’s cloud workloads.

Mark Bowling, Chief Risk, Security, and Information Security Officer at ExtraHop, noted that as organizations grapple with staffing shortages and dwindling budgets, it is unsurprising that IT and security teams have relegated some of the more basic, seemingly mundane, or expendable cybersecurity requirements to lower priority.

“The probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt,” said Bowling. “Greater visibility into the network with an NDR solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt.”