Although cyber security experts and law enforcement warn against ransom demands, most organizations have still paid at least once.
According to network detection and response (NDR) company ExtraHop's 2023 Global Cyber Trust Index (opens in a new tab), of all organizations that experienced a ransomware attack, 83% admitted paying the perpetrators at least once.
At the same time, the number of attacks has increased significantly in recent years. ExtraHop says that in 2021, the average company reported experiencing four attacks in five years; last year, however, there were four attacks in just one year. The researchers said this was possible, among other things, due to a large security debt.
Drowned in security debt
In fact, organizations are "drowning" in unaddressed security vulnerabilities such as unpatched software, unmanaged devices, shadow computing, insecure network protocols, etc.
More than three-quarters (77%) of IT decision makers said that outdated cybersecurity practices caused at least half of the incidents they encountered, but at the same time, less than a third said they would fix these problems immediately.
Nearly all (98%) use at least one insecure network protocol, an increase of 6% year-over-year. SMBv1, a protocol that "played an important role" in WannaCry and NotPetya, is now used by more than three-quarters (77%) of enterprises.
Additionally, 53% of businesses use mission-critical devices that are remotely accessed and controlled, while 47% have mission-critical devices exposed to the public Internet.
"As organizations are overburdened by staff shortages and shrinking budgets, it's no surprise that IT and security teams have stopped prioritizing some of the basic cybersecurity needs that may seem a little more mundane or consumables," said Mark Bowling, head of risk, safety and security officer at ExtraHop. Information Security Officer.
"The probability of a ransomware attack is inversely proportional to the amount of unmitigated attack surface, which is an example of cybersecurity debt. The liabilities and ultimately financial damages that result from this loss of priority compound cybersecurity debt and expose organizations to even greater risk.
“Gaining greater network visibility with an NDR solution can help reveal the cyber truth and shed light on the most pressing vulnerabilities so they can better control their cybersecurity debt.”