Sophos, a security software and hardware company, recently released “The State of Ransomware 2023,” an annual study that examines real-world ransomware experiences of IT/cybersecurity leaders.
The report identifies common attack causes, sheds light on variations based on organization revenue and explores the impact of paying ransoms for data recovery instead of using backups. The study surveyed 3,000 IT/cybersecurity leaders in organizations with 100-5,000 employees across 14 countries in the Americas, EMEA, and Asia Pacific.
Here are the key findings:
Rate of Ransomware Attacks
The research indicates that the rate of ransomware attacks has remained consistent, with 66% of organizations experiencing such attacks in the past year, which is the same as in 2022. Ransomware is considered one of the most significant cyber risks facing organizations due to attackers’ ability to execute large-scale attacks.
In terms of industries, the education sector had the highest likelihood of experiencing ransomware attacks, with 80% in lower education and 79% in higher education reporting attacks. IT, technology, and telecoms, on the other hand, had the lowest level of attacks, suggesting higher cyber readiness and defenses.
The survey also showed variations in ransomware attack rates by country, with Singapore having the highest rate at 84%, while the UK had the lowest at 44%. Austria saw a significant decrease in attack rates, and South Africa witnessed a notable increase.
The research revealed a correlation between annual revenue and the likelihood of ransomware attacks, with higher revenue associated with a higher propensity for attacks. However, there was no clear relationship between the number of employees and the rate of ransomware attacks.
Causes for Ransomware
The primary root causes of ransomware attacks were exploited vulnerabilities (36%) and compromised credentials (29%), closely aligning with retrospective analysis findings. Email-based attacks accounted for 30% of the root causes, with malicious emails (18%) and phishing (13%) being common. Different industries showed variations in root causes, with media, leisure, and entertainment reporting more exploited vulnerabilities, and central and federal government reporting more attacks involving compromised credentials.
In the context of different industries, the media, leisure, and entertainment sector had the highest percentage of attacks stemming from exploited vulnerabilities (55%), indicating a prevalent security gap in this area.
Central and federal government had the highest percentage of attacks initiated by compromised credentials (41%). This might be due to a higher rate of credential theft, a lower ability to prevent the exploitation of stolen credentials, or a combination of both factors. In contrast, the IT, technology, and telecoms sector reported the lowest rates for both exploited vulnerabilities (22%) and compromised credentials (22%), suggesting strong cyber defenses in this sector. However, this sector did report the highest rates of email-based attacks, with more than half (51%) originating in users’ inboxes.
The Rate of Data Encryption
Data encryption in ransomware attacks has seen a significant increase, with adversaries successfully encrypting data in 76% of such incidents. This marks the highest encryption rate in the last four years, reflecting the growing expertise of cybercriminals who continually enhance and innovate their methods.
Across industries, almost all sectors struggle to stop attacks before data encryption occurs, with one exception. Business and professional services reported the highest data encryption frequency at 92%. The IT, technology, and telecoms sector stands out with a lower data encryption rate of 47%, indicating robust cyber defenses and preparedness in responding to such attacks.
In 30% of ransomware attacks where data was encrypted, the data was also stolen, representing a growing trend among adversaries seeking to maximize their profits. This dual strategy allows them to potentially extort payments by threatening to expose the stolen data or sell it on the black market. The increased occurrence of data theft emphasizes the importance of early intervention to prevent attacks before data can be exfiltrated.
Regarding data recovery, an impressive 97% of organizations that had their data encrypted managed to retrieve it. The most common method for recovery was using backups, employed in 70% of incidents.
TNTMAX’s Biggest Takeaways
Our biggest takeaway from the Sophos report is that we must always be ready for a ransomware attack.
Here are some key steps to follow to become better prepared, according to TNTMAX President Frederic Farcy.
- A strong backup strategy that is monitored and tested is a must.
- Perform a risk exposure assessment to understand where your pain points are.
- Disaster recovery testing to ensure you’re always ready for the worst-case scenario.
- Multiple layers of security, combined with daily monitoring. You can never have enough security controls.
- Ongoing awareness training of the whole staff is key.