Ransomware is threatening organisations at an increasing rate. In a new global survey conducted by Fortinet, as many as 67% of companies report having been a ransomware target – with nearly half saying they had been targeted more than once and almost one in six saying they had been attacked three or more times.
This was revealed in Fortinet’s 2021 Global State of Ransomware Report.
Because of this, 94% of organisations indicate that they are concerned about the threat of a ransomware attack, with 76% being very or extremely concerned. In fact, 85% are more worried about a ransomware attack than any other cyber threat. Their top concern (62%) about it is the risk of losing data.
Today’s businesses run on data. So, while loss of productivity (38%) and the interruption of operations (36%) are also top concerns, they are events that can be recovered from much more quickly than a significant loss of data.
Recent high-profile cases include the Colonial Pipeline attack that disrupted oil and gasoline distribution across the United States’ East Coast region and the JBS Foods attack that led to concerns about a global meat shortage have helped fuel those concerns.
John Maddison, EVP of Products and CMO at Fortinet, said: “According to a recent FortiGuard Labs Global Threat Landscape report, ransomware grew 1070% year over year. Unsurprisingly, organisations cited the evolving threat landscape as one of the top challenges in preventing ransomware attacks.
“As evidenced by our ransomware survey, there is a huge opportunity for the adoption of technology solutions like segmentation, SD-WAN, ZTNA, as well as SEG and EDR, to help protect against the threat of ransomware and the methods of access most commonly reported by respondents. The high amount of attacks demonstrates the urgency for organisations to ensure their security addresses the latest ransomware attack techniques across networks, endpoints, and clouds. The good news is that organisations are recognizing the value of a platform approach to ransomware defense.”
Based on the technologies viewed as essential, organisations were most concerned about remote workers and devices, with Secure Web Gateway, VPN and Network Access Control among the top choices. While ZTNA is an emerging technology, it should be considered a replacement for traditional VPN technology. However, most concerning was the low importance of segmentation (31%), a critical technology solution that prevents intruders from moving laterally across the network to access critical data and IP.
Likewise, UEBA and sandboxing play a critical role in identifying intrusions and new malware strains, yet both were lower on the list. Another surprise was secure email gateway at 33%, given phishing was reported as a common entry method of attackers.
The top concern of organisations regarding a ransomware attack was the risk of losing data, with the loss of productivity and the interruption of operations following closely behind. In addition, 84% of organisations reported having an incident response plan, and cybersecurity insurance was a part of 57% of those plans. In regards to paying ransom if attacked, the procedure for 49% was to pay the ransom outright, and for another 25%, it depends on how expensive the ransom is. Of the one-quarter who paid ransom, most, but not all, got their data back.
The report is based on a global survey of IT decision-makers. The survey was conducted in August 2021 with 455 business leaders from small as well as mid to large-sized organisations worldwide. Survey participants are IT and security leaders from 24 different countries, and represent nearly all industries, including the public sector.
