Bitglass, a Forcepoint Company, today announced findings from its 2021 Malware and Ransomware Report that show ransomware has become the number one priority on the minds of IT and security leaders and they expect the problem to get worse. Compounding this problem is that IT and Security teams are still trying to figure out how to deal with the rapidly proliferating ransomware threat.
The study, a joint venture with Cybersecurity Insiders, surveyed hundreds of cybersecurity professionals across industries to better understand how the growing malware and ransomware problem has changed the way they protect their organization. With malware, and specifically ransomware, garnering increased attention, these insights are especially relevant to help teams rethink their current cybersecurity strategies.
“With high-profile malware and ransomware attacks capturing recent headlines, organizations have elevated this problem to a top priority,” said Holder Schulze, founder, Cybersecurity Insiders. “However, our research shows that IT and security teams face an uphill battle as they continue to struggle to figure out how to effectively deal with the looming ransomware threat.”
Key Findings from the Bitglass 2021 Malware & Ransomware Report:
Organizations view Ransomware as an “Extreme” Threat
Over half (55%) of organizations see malware and ransomware as an “extreme” threat. Respondents also see malware and ransomware as a serious threat to their organization’s bottom line, citing productivity loss (52%), system downtime (38%) and revenue loss (27%) as results from an attack.
Organizations are Bracing for the Next Ransomware Attack
Seventy-five percent of respondents believe in the next 12 months malware and ransomware will be a larger threat to their organization. Over half of respondents believe a malware or ransomware attack is very (31%) to extremely (23%) likely to happen. IT and security teams are pragmatic when it comes to ransomware and realize they are likely being targeted for an attack. In their minds, it is not a matter of “if,” but “when” an attack will happen.
Cybercriminals are Using Old-School Tactics to Distribute Malware and Ransomware
Cybercriminals continue to use classic social engineering techniques -- phishing emails (61%), email attachments (47%), luring users to visit malicious or compromised websites (39%) -- to get their ransomware in to the organization. This insight highlights the importance for organizations to maintain proper employee cyber hygiene, especially in today’s era of remote working. Interestingly, 49% of respondents shared that the biggest obstacle to improving malware and ransomware defense in their organization is the evolving sophistication of attacks. This suggests that there is a perception that ransomware and malware attacks are becoming more sophisticated, when in fact cybercriminals are leveraging the same tactics they have been employing for years.
IT and Security Teams Are Moderately Confident When It Comes to Ransomware
Nearly half (41%) of respondents are moderately confident when it comes to their ability to detect and block malware/ransomware before it spreads to critical systems. Additionally, over 40% of respondents said they are moderately confident in their ability to remediate ransomware after it locks or encrypts data.
Organizations are Ignoring Zero Trust
When asked how they protect their organizations from ransomware, over half (55%) of respondents said they back up critical data and assets. Interestingly, only 29% have implemented a Zero Trust Architecture which has emerged as one of the best approaches currently available to prevent cybercriminals from accessing critical systems and data.