Businesses and governments around the world continue to be plagued by ransomware, and the problem has gotten so bad that some now believe ransomware threats are equivalent to terrorism.
To learn more about how InfoSec leadership is responding to the growing risk of ransomware attacks, the cybersecurity firm Venafi surveyed 1,506 IT security officers across the US, UK, Germany, France, Benelux and Australia.
The survey found that ransomware attacks increased by 93 percent in the first half of last year alone when compared to the same time period in 2020. To make matters worse, data from Cybersecurity Ventures revealed that by the end of last year, an organization was estimated to be hit with a ransomware attack every 11 seconds.
In June of last year, the US Department of Justice (DOJ) said that the agency would begin treating ransomware attacks at the same level it previously reserved only for terrorism. FBI Director Christopher Wray echoed this sentiment and went so far as to compare ransomware attacks to the 9/11 terrorist attacks. According to Venafi's new report detailing the findings of its survey, 60 percent of InfoSec leaders overall agree with the DOJ's decision to prioritize ransomware threats at the same level as terrorism.
To pay or not to pay
Of those surveyed, 67 percent of respondents from organizations with over 500 employees reported falling victim to a ransomware attack last year. However, that figure rose to 80 percent among respondents at organizations with 3,000 to 4,999 employees.
Venafi's report also found that eight percent of the companies that did suffer a ransomware attack last year paid a ransom to their attackers. At the same time though, 22 percent of respondents said that they believe it is morally wrong to pay a ransom even if an attack seriously compromises critical business data or systems.
One reason some organizations opt to pay their attackers is that ransom payments don't have to be publicly disclosed, even under this year's new National Defense Authorization Act. If this were to change, though, 57 percent of respondents said that they would reverse their decision to pay to unlock their data and systems.
Kevin Bocek, vice president of ecosystem and threat intelligence at Venafi, explained how built-in security controls can aid organizations in fending off ransomware attacks, saying:
“Organizational environments now extend far beyond traditional perimeters, and so we can no longer rely on yesterday’s tools to win this high-stakes battle. Controls like code signing, restricting the execution of malicious macros and limiting the use of unsigned scripts based on corporate security policies use a high level of automation to prevent ransomware in our machine-centric, digitally transformed world.”