IDC Survey Finds Over a Third of Businesses Hit by Ransomware

 

IDC Survey Finds Over a Third of Businesses Hit by Ransomware

The International Data Corporation (IDC) yesterday released a survey confirming that over a third of businesses globally suffered from ransomware over the past year. 

The IDC is a global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. It provides analysis and insights to IT decision-makers through its study of international and local technology trends. 

According to its survey, the Manufacturing and Finance industries reported the highest ransomware incident rates. The average ransomware demand approaches a quarter of a million dollars, although some larger ransom demands skewed the average higher. Only 13 percent of affected businesses reported not paying the ransom after the cyber-attack. While the global rate for ransomware attacks charted at 37 percent the U.S. actually had a lower rate of 7 percent. 

“Ransomware has become the enemy of the day; the threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street,” said Frank Dickson, program vice president, Cybersecurity Products at IDC. “As the greed of cyber-miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion. Welcome to digital transformation’s dark side!”

Other cybersecurity experts provided commentary on the IDC Survey. 

 

IDC Survey Finds Over a Third of Businesses Hit by Ransomware

Joseph Carson

Joseph Carson is chief security scientist and Advisory CISO at ThycoticCentrify.

“Traditional cybersecurity solutions have failed to prevent ransomware from infecting organizations and creating create mass disruption. Conventional, signature-based antivirus programs are unable to prevent and detect these types of attacks due to the unique and quickly growing variants of ransomware. Encrypting your data doesn’t necessarily deter ransomware attacks either. Attackers may still threaten to publicly disclose that data, expecting that others are willing to pay for the opportunity to break the encryption.

Moving forward, organizations of all sizes must take ransomware extremely seriously as it will continue to be the largest of cyber threats. Ransomware continues to be very costly for many organizations – the price you pay for not being prepared is growing. It only takes one employee with local admin privileges clicking on a malicious email attachment to take down an entire company.

By ensuring that a comprehensive system for monitoring and controlling privileged access credentials is in place, organizations can greatly lower the success rate and risks of a ransomware attack. If attackers do gain initial access to a network, they’ll begin to look for ways to escalate their privileges to fully compromise a network and spread the attack. Privileged access management tools can slow that spread and keep ransomware contained at its inception point (e.g. a single endpoint or set of credentials).”

Scott Devens

Scott Devens is CEO at Untangle.

“As companies continue to pay ransoms, cyber-criminals are becoming more emboldened and turning their focus to ransomware attacks as a lucrative opportunity. These malicious actors are also moving away from holding data hostage and zeroing in on targeting critical infrastructure that can cause disruption to society. The shift comes as they realized they could get larger ransoms faster if their attack had the potential to cause severe consumer pain.

This is leading companies to re-evaluate their IT security teams to add specific skills, such as mobile device management, digital forensics, malware prevention, etc., as hybrid work continues and more IoT devices are brought onto networks. To defend against cyber-attacks, network security professionals will also need to continually stay updated on new technology, educate all employees on the latest schemes, and implement policies such as zero-trust that may be unpopular with staff, but are necessary to prevent attacks.”

Thanks to these experts for their time and expertise. For more, check out the Endpoint Security Buyer’s Guide. Learn more about IDC here.

 

Ben Canner
Follow me