Skip to main content
banner image
venafi logo

Global Security Report: How Are Organizations Reacting to the Rapid Increase in Ransomware Threats

Global Security Report: How Are Organizations Reacting to the Rapid Increase in Ransomware Threats

December 21, 2021 | Shelley Boose

Ransomware attacks spiked by 250% from Q1 to Q2 of 2021. By the end of 2021, it’s estimated that an organization will be hit by ransomware every 11 seconds. A Venafi-sponsored study conducted by Sapio Research evaluated data from 1,506 IT security officers across the U.S., U.K., Germany, France, Benelux and Australia to explore how InfoSec leadership is responding to the rapidly growing risk of ransomware attacks. See the results in our Global Security Report.

 

Do You Understand the Anatomy of a Supply Chain Attack? Download the White Paper.

The U.S. Department of Justice (DOJ) is giving ransomware attacks a priority level similar to terrorism. The Venafi-sponsored survey asked respondents if they agree with the characterization.

Overall, 60% agree with the DOJ’s prioritization of ransomware threats.  As a manifestation of this concern, almost half of the respondents said they have experienced a ransomware attack over the prior 12 months.

More than three quarters (77%) of the organizations in the study are confident that the security tools they have in place will protect their organization from future attacks. Interestingly, organizations exude this confidence despite the fact that over two thirds of them have experienced a ransomware attack in the last 12 months.

Of particular interest, executives seem to be more confident in ransomware prevention than security leadership, according to the survey, with 80% of directors and C-level executives expressing confidence in their ransomware protection. On the other hand, only 69% of security team leaders were confident in protective measures.

Are organizations adopting the most effective tools to break the ransomware kill chain?

While organizations have security controls in place today to help protect against or limit the impact of a ransomware attack, many of these security controls are not optimized for perimeterless networks where DevOps methodologies and software-defined networks require different security strategies to break the ransomware kill chain. And these tools have very low adoption rates, according to the study.

Current security controls used protect against or limit the impact of a ransomware attack:

  • 43% VPN
  • 36% Regular encrypted backups
  • 35% Anti-phishing
  • 31% Vulnerability scanning
  • 29% Secure domain controllers
  • 28% Require all software be digitally signed by their organization before employees are allowed to execute it
  • 25% Regular patching program for applications and OS
  • 25% Configuration management
  • 25% Business transaction logging
  • 21% Remote services and RDP
  • 21% Restrict execution of all macros within office documents
  • 18% Restrict use of PowerShell using group policy

Of the tools listed above, only three are designed to add specific new layers of control for cloud and DevOps environments that help to break the ransomware kill chain: internal code signing, restricting macros and restricting PowerShell scripts. Yet these three tools have very low adoption rates.

  • 28% of organizations require that all software be digitally signed by their organization before employees are allowed to execute it.
  • 21% of organizations restrict execution of all macros within Microsoft Office documents.
  • 18% of organizations restrict use of PowerShell using group policy.

Digital code signing, is currently being used by only 28% of respondent organizations overall, despite it being a deterrent to ransomware attacks. And while a higher percentage of large organizations (5,000 or more employees) employ digital code signing as a control, that percentage is well below 50% despite the fact that such a high percentage of these organizations have already experienced ransomware attacks.

Restricting execution of unsigned Office macros can negatively impact productivity. However, 43% of all malware downloads are malicious Office documents in July 2021, up from 20% at the beginning of 2020.[i]

Moral dilemma for organizations paying ransomware

Almost 1 in 10 (8%) of the organizations who have suffered a ransomware attack in the last 12 months paid the ransom but 22% believe it is morally wrong to pay a ransom even if it had seriously compromised critical systems of data—and this figure rises to 34% when looking at business owners, according to the survey.

However, of those who would pay a ransom, if they had to publicly report payment, 57% of people would change their decision to pay.

Investing in ransomware prevention

More than three quarters (77%) of the organizations say they will increase spending on ransomware security controls over the next 12 months, indicating that security teams realize their current strategies do not provide enough protection. These investments can be justified because the cost of a ransomware attack can quickly rise far beyond the cost of the ransom price itself.

In 2020 the total amount of ransom paid by cyberattack victims was close to $416 million. This figure is projected to double in 2021 and double again in 2022. And the total average cost to rectify ransomware attacks is estimated to be US$1.85 million, more than double the US $761,106 cost reported in 2020, according to Sophos.

The rising costs of a ransomware attack and the increasing frequency of attacks require more sophisticated security controls, explains Kevin Bocek, vice president ecosystem and threat intelligence at Venafi.

“Organizational environments now extend far beyond traditional perimeters, and so we can no longer rely on yesterday’s tools to win this high-stakes battle,” says Bocek.

“Controls like code signing, restricting the execution of malicious macros and limiting the use of unsigned scripts based on corporate security policies use a high level of automation to prevent ransomware in our machine-centric, digitally transformed world,” according to Bocek.

Related Posts

[i] Netskope. Hey, You, Get Out of My Cloud. July 2021

Like this blog? We think you will love this.
machine-identity-summit-hunt
Featured Blog

Machine to Machine Communication in Early EVs was Appalling: Troy Hunt at Summit

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Shelley Boose
Shelley Boose

Shelley is Director of PR and Content Marketing at Venafi. In her own words, "I help companies translate complex technologies into engaging and compelling, digital stories."

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more