Despite claiming to be “very” or “extremely” prepared to mitigate ransomware attacks, organisations are still falling prey to such attacks, according to a recent industry report.
According to Fortinet’s 2023 Global Ransomware Report, in the past year 78 percent of organisations surveyed said that they are prepared to mitigate an attack, however, it also found that 50 percent had fallen victim to ransomware and almost half were targeted two or more times.
Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training, and no clear chain-of-command strategy to deal with attacks.
Organisations are still paying ransom
The study further revealed that despite detecting incidents within hours or even minutes, a significant proportion of organisations (almost 75 percent of respondents) still made ransom payments.
The percentage of organizations paying ransoms remained high despite being able to detect incidents quickly (72 percent). Manufacturing organisations received higher ransom amounts and were more likely to pay the ransom when compared to other industries. Specifically, a quarter of attacks in the manufacturing sector resulted in ransoms of $1 million or more. Furthermore, while the vast majority of organizations (88 percent) reported having cyber insurance, nearly 40 percent of them did not receive the expected coverage or were denied coverage due to exclusions by the insurer.
Security budgets to increase
Amid challenging global economic environment, concerns about ransomware remain high, and almost all organizations (91%) expect an increase in security budgets over the next year.
According to Fortinet, to secure against ransomware, organisations considered IoT security, SASE, Cloud Workload Protection, NGFW, EDR, ZTNA, and Security Email Gateway as the most crucial technologies.
In the future, respondents prioritised investing in advanced technology powered by AI and ML to enable faster threat detection and central monitoring tools to speed up responses. These investments would help organizations combat the rapidly evolving threat landscape, as cyber-attackers become more aggressive and deploy new elements in their attacks.
