A recent survey found yet another series of concerning figures, as the recent ongoing pedal-to-the-metal digitization outpaces most organizations that are almost waiting for ransomware attacks to happen.
High Global Vulnerability To Ransomware Attacks
Veritas Technologies surveyed over 2,000 IT leaders worldwide whose organizations have tried to pursue pandemic-led digital transformation and concluded that the majority are dangerously vulnerable to ransomware attacks since they have been unable to keep pace with the changes.
Actually, organizations would have to spend an average of $2.47 million on improving their technology strategy within the next year. In addition, the average organization saw almost three ransomware attacks that resulted in downtimes in the past twelve months, and 10% were affected by ransomware more than five times.
Chief security scientist and Advisory CISO at ThycoticCentrify Joseph Carson explains, “Ransomware is one of the top threats all organizations are facing today and a threat that can quickly bring an organization to a complete stop. It’s important to not only have an incident response plan in place but also be incident-ready. This means that you must practice and test your response plan.”
“Over the past year, many organizations accelerated their digital migration to cloud services in an attempt to stay productive while employees converted to working remotely. This major migration meant many organizations have simply moved the same security controls used on-premise and adapted them to their cloud environment. As a result, this has seriously increased risks and exposure for those organizations,” he added.
Additional findings uncovered more grim figures:
- The cloud technology presents the most significant vulnerabilities to ransomware, as only 61% of respondents believe that their organizations’ security protocols have fully kept pace with their digitization measures — the largest weaknesses being cloud technology (56%) and security (51%).
- The flaws in technology strategies have consequences, as companies with at least one gap in their technology roadmap have been affected, on average, by circa five times more ransomware attacks leading to downtime in the last year than those with no gaps.
- Security can’t keep up with digitization, as only 61% of respondents believe that their organization’s cybersecurity strategies have fully kept up since the implementation of COVID-led digital transformation initiatives, with 39% seeing some type of security deficiency.
- No company is immune, with a jaw-dropping nine out of ten (88%) of organizations reporting downtime in the past 12 months.
Moving To Cloud Technology Is A Challenge
“When moving to cloud services, organizations must adapt security controls that enhance cloud security. Over the past few years, we have been discussing how the cloud can be secure by design. However, we must move beyond this term and move to secure by default, which means security must be on and used,” Carson noted.
“Unfortunately for many organizations, they have migrated to cloud services. But, as security is not enabled by default, this has resulted in attackers taking advantage of these misconfigurations targeting organization’s cloud assets. This can easily become a nightmare for organizations as cybercriminals are increasing ransomware campaigns, and it is almost a daily occurrence of new victims having to decide on the best way to recover the business.”
As organizations move to cloud services, Carson highlights that leaders must implement new security strategies that leverage cloud assets. “Unfortunately for many organizations, they have migrated to cloud services. But, as security is not enabled by default, this has resulted in attackers taking advantage of these misconfigurations targeting organization’s cloud assets. This can easily become a nightmare for organizations as cybercriminals are increasing ransomware campaigns, and it is almost a daily occurrence of new victims having to decide on the best way to recover the business.”
Douglas Murray, CEO at Valtix, says, “The results of this survey aren’t surprising. Unfortunately, most organizations are dealing with a ticking time bomb of security concerns and technical debt built up over years of fragmented cloud efforts. Multi-cloud makes matters worse. This has left many organizations trying to play catchup while also dealing with the complexity of mastering cloud security – which is fundamentally different from on-premise security.”
“The good news is that it inevitably always comes back to the best practices of defense in depth and ensuring that the right security controls and policy are deployed against every cloud workload. Various technologies can help reduce ransomware risk in the cloud, including network-based intrusion prevention, antivirus, and the segmentation of workloads. By taking a cloud-first approach to these problems, security leaders can set the stage for the future through a cloud-native, multi-cloud security architecture.”
Security Magazine Cloud presents biggest vulnerability to ransomware