SpyCloud’s annual Ransomware Defense Report found that 90% of organizations were affected by ransomware over the past 12 months, a concerning jump from last year’s 72.5%.
The report surveyed more than 300 IT security professionals at U.S., UK, and Canadian organizations that have at least 500 employees. Respondents were asked about the threat of ransomware and their companies’ ransomware preparedness over the past 12 months.
Respondents indicate critical gaps in organizations’ cyber defenses. While the report showed organizations are making progress toward stronger prevention, with investments in identity and access management tools like multifactor authentication jumping to 96%, they still rely too heavily on tools that fail to mitigate their exposure.
For example, while respondents ranked data backups as their most important ransomware countermeasure, retrieving data after an attack does not neutralize the threat of having it stolen in the first place.
Once an attack has occurred, attackers often share stolen credentials, personally identifiable information, and device and web session cookies on the darknet, perpetuating the cycle of stolen data that enables future attacks. As a result, organizations are more likely than ever to be impacted more than once: Fifty percent were hit at least twice, 20.3% were hit between 6 and 10 times, and 7.4% were attacked more than 10 times.
Another risky source of exposure is the growing threat of malware infections on unmanaged devices, which can be used as an initial access point for a ransomware attack. According to 87% of respondents, reports of credential-stealing malware such as RedLine Stealer have elevated their concerns about this risk.
They also worry about exposure through third-party vendors – so much so that respondents ranked the threat of third-party attacks higher than the threat of ransomware itself. That finding suggests that guarding against insider threats has become exponentially more difficult as the attack surface has expanded. In addition to monitoring their own employees’ devices, preventing supply-chain attacks means organizations must also consider the exposure of partners and vendors with access to corporate networks.
As criminals grow in sophistication, the report shows that organizations must increase visibility and remediate exposed data to turn the tide against ransomware.