ransome ware in 2021Leading research and marketing firm CyberEdge Group, which serves companies in the cybersecurity industry, just published its ninth Cyberthreat Defense Report (CDR). This report acts as the standard for gauging organizations’ security postures, documenting the perceptions of information technology professionals and showing how industries plan to invest in their security infrastructures. The CDR’s findings underscore the increasing role that ransom attacks are playing in our current cybersecurity environment.

According to the CDR, 71 percent of the organizations surveyed were the victims of successful ransomware attacks last year. This figure was up significantly from 55 percent in 2017. Almost two-thirds of the companies that experienced ransomware attacks paid the requested ransom, up from only 39 percent in 2017. The CDR hypothesizes that there are three reasons for this increase:

  • The threat of public exposure of highly sensitive data.
  • Lower cost. Companies believe that it will be less costly to pay the ransom than to experience lengthy downtimes, customer unhappiness, and potential lawsuits that could come to pass if they attempt to fight the criminals.
  • Greater confidence that the ransomed data will be successfully recovered.

All of these factors seem to have combined to make the instigators of ransomware attacks even more motivated to keep launching them.

Even so, other internal reasons at play could explain the continued success that cyber attackers are enjoying. The CDR points to two additional elements, lack of skilled personnel and low-security awareness among employees. The report also indicates that a whopping 84 percent of organizations surveyed are amid a severe shortage of IT security personnel. There are also shortfalls when it comes to security administrators, analysts, and architects. Combine these lacks with insufficient ongoing training of employees that protects against email phishing and emphasizes the importance of strong passwords. The way is paved for digital criminals to insert themselves into digital systems.

The report also detailed several other interesting findings:

  • 83 percent of responding organizations have increased their security budgets, with the average being by 4.5 percent. 
  • The hottest security technology includes next-generation firewalls, deception technology to promote endpoint security, bot management, biometrics, and advanced security analytics.
  • The most challenging items to keep secure include mobile devices, industrial control systems/supervisory control and data acquisition (ICS/SCADA)devices, and the internet of things (IoT). 
  • Nearly two-thirds of the responding organizations have put mechanisms in place designed to protect Application programming interfaces (APIs).
  • When it comes to attacks on web and mobile applications, personally identifiable information (PII) is at most risk. Companies are also experiencing harvesting and account takeover (HATO) attacks that are of increasing concern.
  • The most worrying hybrid security challenges include detecting unauthorized application usage and identifying and responding to cyber threats.
  • Cloud and software security specialty certifications are in high demand by nearly all IT professionals surveyed.
  • Combining app and data security into a unified platform is cited as leading to an improved cloud security posture and enhanced security incident investigations.
  • Security teams are protecting remote workers with anti-virus and VPN products, SD-WAN, network access control (NAC), and mobile device management (MDM) solutions in response to the ongoing trend of working at home. 
  • The majority of respondents are embracing emerging security technologies, including SD-WAN, zero-trust network architectures, and security access service edge (SASE).

The CDR respondents were made up of 1,200 IT security practitioners and decision-makers employed by a commercial or government entity with a minimum of 500 employees. Participants came from different geographic regions: North America, Europe, Asia Pacific, the Middle East, Latin America, and Africa. The data was compiled based on their answers to a 27-question online survey.