Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, has published its 2022 State of Ransomware Report which finds that things may be looking up in the fight against ransomware.
Cyberattacks using the popular compromising tactic have declined significantly over the past 12 months compared to the previous year and fewer companies are paying ransoms. Still, there are red flags in the annual report related to spending, planning and using cybersecurity tools available to combat ransomware.
The survey of 300 US-based IT decision makers, conducted on Delinea’s behalf by Censuswide, found that only 25% of organizations were victims of ransomware attacks over the past 12 months, a stunning 61% decline from the previous 12-month period when 64% of organizations reported being victims.
Furthermore, the number of victimized companies who paid the ransom declined from 82% to 68%, which could be a sign that warnings and recommendations to not pay a ransom are being heeded. Larger companies are much more likely to be victims of ransomware, as 56% of companies with 100 or more employees said they were victims of ransomware attacks.
Along with these positive results, the survey also raised concerns that a potentially reduced threat could lead to complacency. Budget allocations for ransomware are in decline, as only 68% of those surveyed said they are currently allocated a budget to protect against ransomware versus 93% during the prior year. The number of companies with Incident Response Plans also declined from 94% to 71% and only half are taking proactive, proven steps to prevent ransomware attacks such as enforcing password best practices (51%) and using Multi-Factor Authentication (50%).
“The reduction of ransomware attacks is an encouraging sign, but organizations need to make sure they keep their guard up against this constant, evolving threat,” said Art Gilliland, CEO of Delinea. “Staying vigilant by maintaining a strong least privilege approach backed by stronger password protection, authentication enforcement and access controls can help continue this downward trend.”
Mohammad Ismail, Regional Director, Middle East, Delinea, said: “In today’s globalized economy, cybersecurity trends are largely mirrored across international markets.”
He added that while the study focused on US organizations, the ransomware insights it presents can certainly inform businesses in other markets.
Don Boxley, CEO and Co-Founder, DH2i
I would respectfully offer that ransomware is not slowing, but in fact growing at an exponential rate. Recent research from Cybersecurity Ventures backs this up, indicating that ‘by 2031, ransomware will cost victims US$265 billion annually, and it will attack a business, consumer or device every two seconds.’
As a result, this is a major reason why we are seeing software-defined perimeters (SDP) pull-ahead of VPNs as the dominant technology for remotely connecting people and devices. Historically, most recognized that VPNs are buggy and the performance is spotty.
However, most importantly when it comes to ransomware protection, it is now known that due to their inherent design, VPNs allow for fast and easy lateral network attacks from bad actors. SDP on the other hand eliminates VPN vulnerabilities.
With SDP, servers, IoT devices, applications and users can be connected – without the need for VPNs – thereby ensuring reliable network security. In fact, SDP enables its users to build zero trust network access (ZTNA) tunnels that securely connect on-premises sites and/or hybrid and multi-cloud environments. And, direct connect SDP gateways mean no ‘middleman’ data path intrusions. With the right SDP software solution, users can enjoy reliable, secure connectivity with industry-best performance.
I would add that oftentimes it’s not complacency that is getting in the way of progress. An aversion to change can be a tremendous obstacle. Today’s vendors know this, and consequently have purposefully streamlined the evaluation, purchase and deployment process – especially when it comes to new and innovative technology solutions.
Back to the question at hand… While I am of the opinion that ransomware shows few signs of slowing, I would suggest that even if it were, complacency is never an option. On the contrary, vigilance will always be required when it comes to data and operations protection, as well as across virtually every other aspect of data center management.
Steve Santamaria, CEO, Folio Photonics
The prevailing opinion on whether ransomware occurrences have decreased… well, I think that depends on the day and who you ask. An IDC report titled, Ransomware 2022: And You Thought the Problem Could Not Get Any Worse seems to point in one direction, while a report from Chainalysis sees it a little bit differently.
Its The 2023 Crypto Crime Report indicated that 2022 saw a drop in ransomware payments, as more victims refused to pay. Chainalysis stated US$456.8 million was extorted in 2022, down from US$765.6 million the year before. It explained, “… this doesn’t mean attacks are down, or at least not as much as the drastic drop-off in payments would suggest. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.”
In whichever camp you reside – ransomware attacks are increasing or ransomware attacks are decreasing – I think we can all agree that ransomware attacks are not going to disappear. At least not anytime soon. And as organizations’ data volumes increase in capacity and become more geographically distributed, it becomes harder to combat an attack. However, with the right data protection strategy in place, refusing to pay has indeed become a viable option.
So how does one go about achieving the right data protection strategy? A multi-pronged approach is your best chance of protecting against ransomware. This should include security software, malware detection, remediation and recovery solutions. From a data storage standpoint, protection of primary data has typically been found in the form of backup to hard disk and/or tape using a myriad of redundant methods.
While protection of secondary data often relies a bit heavier on the secondary storage system itself. As secondary storage needs grow, so will the need to have ransomware-resilient secondary storage systems. Of the current offerings, tape is less expensive, but it demands stringent storage and operating conditions. Spinning rust offers a potentially much faster restore time depending on the redundancy level, but the cost can be exorbitant. Both have relatively short lifespans and can be overwritten at a material level.
When looking at ransomware-resiliency for secondary storage, an ideal solution would combine cost-effectiveness with WORM and air-gap capabilities all while being able to operate under a wide range of environmental conditions. Such capabilities can be found in next gen optical storage.
It offers the promise of radically reducing upfront cost and TCO while making data archives active, cybersecure and sustainable, not to mention impervious to harsh environmental conditions, radiation and electromagnetic pulses, which are now being commonly used in cyber-warfare.
So, in answer to the original question… Even if some reports continue to imply that there has been a reduction in ransomware, organizations must not become complacent. However, for those that take and maintain the right proactive measures, they can at the least rest a bit easier.
Mark Bowen, Editorial Director, Lynchpin Media
As the Editorial Director of Lynchpin Media, my week is spent reading the huge number of press releases we get sent in every day. From this experience, I can assure you of one thing – organizations should definitely not drop their guard against the threat of ransomware.
We see the occasional report that offers a glimpse of hope and for those we are more than grateful – however the battle against ransomware is certainly not won…or anywhere near it.
Anyone who thinks otherwise is playing with fire or more accurately risking the ability of their company to operate on a day-to-day basis.
A successful ransomware attack can easily disrupt an organization’s operations, making it problematic or actually pretty much impossible to access vital critical data and systems. Not surprisingly, this can result in lost productivity and revenue, as well as damage to the organization’s reputation – and it’s this reputational damage that can have the biggest financial repercussions long-term.
The encryption of an organization’s data and systems always leads to wide-ranging and significant consequences. For instance, if a hospital or healthcare facility is hit by a ransomware attack, patient records and other critical information may be inaccessible, potentially putting patient safety at risk.
Similarly, if a financial institution is hit, it may not be able to access customer accounts or perform critical transactions, causing financial losses and damaging that all-important business reputation. The longer it takes to recover from a ransomware attack, the more significant the impact on the organization’s reputation and relationships with customers, partners and stakeholders. You don’t need to be a genius to work out this is going to hit the bottom line.
Organizations can alleviate the operational effect of ransomware attacks by having vigorous backup and recovery processes in place, as well as by investing in comprehensive cybersecurity solutions to avoid these in the first place. It’s also essential to have a clear incident response plan in place to enable a swift and effective response if an attack does occur.
This is as true today as it’s ever been.Click below to share this article