SpyCloud Report: Organizations Unprepared for Ransomware Attacks Despite Confidence in Cyber Defenses
81% of companies are confident their organization’s cybersecurity is above average, yet many fail to implement basic cybersecurity recommendations
SpyCloud, the leader in Account Takeover (ATO) Prevention, today released its 2021 Ransomware Defense Report, an analysis of IT security leaders’ perceived threat of ransomware attacks and the maturity of their cybersecurity defenses.
New @SpyCloud Co Report: 81% of companies are confident their organization’s #cybersecurity is above average, yet many fail to implement basic cybersecurity recommendations to prevent #ransomware attacks.
The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene – 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA).
“The loss of data and resources due to ransomware attacks can be debilitating. Though organizations are taking this threat seriously, too many are failing to take basic preventative steps. This report indicates a disturbing misplaced confidence that defenses never fail or that paying a ransom after an attack will always work – they do, and it won’t,” said Ted Ross, CEO and co-founder of SpyCloud. “Ransomware is a real problem, and it’s growing, but there are concrete steps organizations can take to prepare. Proactively implementing preventative solutions is the key to disrupting ransomware early in the lifecycle and successfully mitigating the damage.”
Key highlights from the State of Ransomware Report include:
- Organizations are not optimistic about the ransomware problem. 62% of respondents believe a ransomware incident is likely to occur in the next 12 months.
- 72% of surveyed organizations were affected by ransomware from August 2020 – August 2021, with 13% affected 6-10 times.
- 79% agree that reports of high-profile attacks (including SolarWinds and Colonial Pipeline) have “significantly elevated” their organization’s concerns about weak or stolen credentials used by employees and customers.
- Despite ranking compromised credentials as a high-risk entry point for ransomware attacks, most organizations lack even the simplest practices for shoring up passwords and authentication.
- 41% don’t have a password complexity requirement and only 55.6% have implemented multi-factor authentication (MFA).
Mitigating Fallible Defenses with Proactive Prevention
Organizations reported the average cost of ransomware recovery at $1.85 million in 2021, more than double the 2020 price tag of $760,000. Despite the explosion of ransomware attacks, individuals are still organizations’ greatest vulnerability – and their best asset in the fight against cybercriminals.
Respondents ranked phishing emails with infected attachments or links as the riskiest vector for ransomware attacks, followed by weak or exposed credentials. Surprisingly, cybersecurity budgets ranked as the least challenging hurdle for organizations.
However, rather than investing in strategies to address common root causes of ransomware attacks, organizations have focused efforts and resources on containing the damage after it occurs. For example, 50.4% have purchased ransomware-specific insurance riders, 36.4% have retained a third-party payment broker and 30% have opened a bitcoin account, even though experts question the effectiveness of each of these measures.
To get ahead of cybercriminals, organizations must focus on mitigating the most common entry vectors. Addressing stolen credentials –– a major cause of ransomware attacks – is critical to disrupting the lifecycle of an attack early. This can be achieved by increasing employee awareness of phishing emails and the risks of using weak and recycled passwords, as well as through implementing MFA.
While better employee awareness, robust authentication and device security are critical, organizations must recognize that even the strongest defenses fail. Solutions that monitor the criminal underground for stolen credentials help protect employees and empower companies with a proactive approach to containing a highly sophisticated threat.