The cybersecurity landscape has undergone a seismic change in the last decade. Just ten years ago, it was difficult to find a business leader who could define what ransomware is. Today, most business leaders are not only deeply familiar with this dangerous cyber threat, but many have experienced it firsthand.
Unfortunately, it seems that it will take some time before ransomware starts showing signs of plateauing, at least according to the 2021 Ransomware Survey Report from Fortinet, an American multinational corporation that develops and sells cybersecurity solutions.
The survey makes it clear that businesses and organizations of all sizes can’t afford to let their guard down if they want to avoid costly cybersecurity incidents that could put them out of business.
Ransomware Attacks Are Up by Over 1,000 Percent
Let’s start with what’s arguably the most frightening statistic featured in Fortinet’s report.
Ransomware grew 1,070 percent between July 2020 and June of 2021.
This staggering increase in ransomware attacks can be attributed to three main factors:
- The disruption caused by the COVID-19 pandemic: in 2020, organizations across most industries were forced to radically rethink their established work routines and leave the closely guarded perimeter of the office. Many employees found themselves working from various remote locations for the first time, unaware of the threats they suddenly had to protect themselves against.
- The increased availability of ransomware-as-a-service products: Ransomware is a huge business, but people with a broken moral compass and a strong desire to make money don’t always have the technical skills to orchestrate a ransomware attack from scratch. More skilled cybercriminals know this and offer various ransomware-as-a-service products that make the process of launching a ransomware attack as easy as clicking a button.
- The large number of high-profile ransomware attacks making the news: Whenever news outlets around the world publish a story about an attacker receiving a large sum of money from an organization to unlock encrypted files, other would-be attackers take notice and become motivated by it. The large number of high-profile ransomware attacks, such as the one on foreign exchange company Travelex or the one that took down some business operations at INA Group, served as an excellent advertisement for ransomware.
Due to these and other factors, organizations are now more likely than ever before to experience a ransomware attack and suffer its consequences.
Business Leaders Are Rightfully Concerned
For the 2021 Ransomware Survey Report, Fortinet surveyed 455 business leaders and cybersecurity professionals worldwide and discovered that 94 percent of them are concerned about ransomware.
Out of them, 85 percent are more worried about a ransomware attack than any other cyber threat.
Business leaders worry primarily about losing important data, but they’re also acutely aware of other potential risks from a ransomware attack, such as productivity or revenue loss, direct and indirect impact on customers, reputational loss, and more.
Respondents in industries such as healthcare even worry about loss of life or safety, and their worries are justified. A successful ransomware attack on a hospital or critical infrastructure can easily lead to catastrophic results and trigger a whole cascade of life-threatening events.
Despite their rightful concern, only 84 percent of organizations have an incident response plan in place, and 96 percent feel they are only moderately prepared. Unfortunately, being moderately prepared doesn’t cut it in 2021.
Uneven Incident Response Plans
To keep ransomware at bay in the era of hybrid work, it’s important to extend security beyond the traditional network perimeter and segment individual workloads from each other to minimize lateral movement across the network. When implemented correctly, network segmentation can prevent ransomware from spreading from one workstation to the next one until it eventually reaches critical systems.
What’s alarming is that this useful cybersecurity practice is implemented by only 48 percent of organizations surveyed by Fortinet for the 2021 Ransomware Survey Report, and other components of an effective incident response plan don’t fare much better. For example, only 61 percent of respondents had invested in employee cyber training, and even fewer (58 percent) keep offline backups.
Ignoring these staples of a good incident response plan can be a costly mistake, especially considering that almost every other organization doesn’t have a cybersecurity/ransomware insurance policy.
Improving Protection Against Ransomware Attacks
In addition to implementing essential cybersecurity measures, organizations that want to improve their protection against ransomware attacks should also actively explore new security approaches and controls.
A good example is the Zero Trust Security model, which protects against even the most dangerous cyber threats by assuming a breach and verifying each request as though it originates from an open network. Even though the Zero Trust Security model is widely endorsed by everyone from CISA to Microsoft, only 36 percent of business leaders consider it to be essential to secure against ransomware.
That’s because business leaders are, understandably, not cybersecurity experts. Keeping up with the rapidly evolving cybersecurity landscape is a full-time job, so business leaders should delegate it to someone who is passionate about it.
Outsource Ransomware Protection to the Professionals
To whom should you delegate the responsibility of ransomware protection?
For large enterprises, that someone may be a chief information security officer (CISO), but small and medium-sized businesses (SMBs) can hardly ever justify building an in-house IT team.
Fortunately, they don’t have to because they can outsource their ransomware protection to a managed cybersecurity services provider like us at OSIbeyond.
Organizations in the Washington, D.C., Maryland, and Virginia areas and throughout the U.S. can take advantage of our broad range of cybersecurity solutions and enjoy our customer-oriented approach to security.
Schedule a meeting and discover what makes us the right choice for your business.