A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand.
Cybersecurity company ThycoticCentrify released its "2021 State of Ransomware Survey & Report" on Tuesday, featuring the insights of IT leaders who have dealt with ransomware attacks over the last year.
Of those surveyed, 72% have seen cybersecurity budgets increase due to ransomware threats, and 93% are allocating special budgets to fight ransomware threats. Half of the respondents said they experienced a loss of revenue and reputational damage from a ransomware attack, while 42% indicated they had lost customers as a result of an attack. More than 30% said they were forced to lay off employees as well.
Respondents said the most vulnerable vectors for ransomware attacks were email (53%), followed by applications (41%) and the cloud (38%).
26% of respondents cited the top attack vector was privileged access, followed closely by vulnerable endpoints (25%).
"Organizations are spending their increased cyber security budgets investing in ransomware prevention with network security (49%) and cloud security (41%) solutions. It is interesting to note that in this survey, identity access management (24%), endpoint security (23%) and privileged access management (19%) are lower priorities for budget spend," the survey said.
"The most common steps taken to prevent ransomware attacks include backing up critical data (57%), regularly updating systems and software (56%), and enforcing password best practices (50%). Last on the list was adopting a least privilege posture (34%)."
Experts were not surprised by the survey's findings, considering how many companies have been public about paying ransoms. Major corporations like Colonial Pipeline and JBS admitted to paying ransoms after devastating ransomware incidents, and studies show many organizations end up paying ransoms.
"Naive statements like 'never pay the ransom' simply ignore the reality of the situation and do not have any chance in actually changing anything. Over the years, we have gotten better at recovery from breaches, and attackers are trying new ways to get paid. It has been increasingly frequent in recent months where supply chain breaches are leading to ransom demands to not leak data belonging to the victim organization," said John Bambenek, threat intelligence advisor at Netenrich.
"Frankly, as long as the economics are in favor of paying, most organizations will pay. However, the paying of ransoms doesn't guarantee results."