Many businesses payout to ransomware attacks according to reports. The study showed that companies gave in to the demands of crooks at least once.
Many Businesses Payout to Ransomware Attacks
Despite the fact that cybersecurity experts and law enforcement agencies keep warning against giving in to ransome demands, many organizations still paid their way out on at least one incident and occasion.
As per the 2023 Global Cyber Confidence Index from ExtraHop, a network detection and response (NDR) company, of all the businesses that suffered a ransomware attack, 83% of them admitted to paying the perpetrators in question at least once.
And at the same time, the number of attacks has dramatically risen in recent years. ExtraHop reveals that in 2021, an average company reported suffering four attacks in five years. And in the previous year, however, it was four attacks in one single year. The researchers said that this was made possible, among many other things, due to significant debt in security.
The Reason for Security Flaws in Organizations
Organizations in fact are drowning in unaddressed security vulnerabilities like unpatched software, shadow IT, unmanaged devices, insecure network protocols, and other similar issues.
Over three-quarters (77%) of IT decision-makers stated that outdated cybersecurity practices were to blame for at least half of the happenings that were experienced by them. But however, at the same time, less than a third stated that they would be addressing these said issues at once.
Almost all at the moment (98%) are running at least one insecure network protocol, which is up 6% year-on-year. SMBv1, which is a protocol that “played a significant role” in WannaCry and NotPetya, is in use by over three-quarters (77%) of companies today.
In addition to all of this, 53% of companies are running critical devices that can be accessed and also controlled from a remote location, while 47% on the other hand have some critical devices exposed to the public internet.
What Experts Have To Say About the Development
“As organizations find themselves overburdened by staffing shortages and shrinking budgets, it’s no surprise that IT and security teams have deprioritized some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,” ExtraHop’s Chief Risk, Security, and Information Security Officer, Mark Bowling stated.
“The probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt. The liabilities, and, ultimately, financial damages that result from this deprioritization compounds cybersecurity debt and opens organizations up to even more risk.”
“Greater visibility into the network with an NDR solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt.”
MORE RELATED POSTS
- How Soon can you File a Claim after Getting Insurance – Are there Rules for Reporting and Filing a Claim?
- How Long Does Insurance Have to Pay a Claim – Can Insurance Deny a Claim?
- How Long Does a Car Insurance Claim Take?
- Car Insurance Claim time Limit Progressive – What is Insurance Bad Faith?
- This Odd Ransomware Deletes Your Data A Few Bytes at a Time