Although cybersecurity experts and law enforcement warned against giving in to ransom demands, most organizations paid off at least once.
According to the 2023 Global Cyber Confidence Index by Network Detection and Response (NDR). ExtraHop (opens in new tab)of all organizations that suffered a ransomware Attack, 83% admitted to having paid the perpetrators at least once.
At the same time, the number of attacks has increased dramatically in recent years. According to ExtraHop, in 2021 the average company reported four attacks in five years; however, last year there were four attacks in just one year. According to the researchers, this was made possible, among other things, by significant security debts.
Drowning in security debt
In fact, organizations are drowning in unaddressed security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, insecure network protocols, and the like.
More than three quarters (77%) of IT decision makers said outdated cybersecurity practices were responsible for at least half of the incidents they experience, but at the same time less than a third said they would address these issues immediately.
Almost all (98%) use at least one insecure network protocol, up 6% from last year. SMBv1, a protocol that “played a significant role in WannaCry and NotPetya,” is now used by more than three-quarters (77%) of organizations.
Additionally, 53% of organizations operate critical devices that can be accessed and controlled remotely, while 47% have exposed some critical devices to the public internet.
“With organizations overwhelmed by staff shortages and shrinking budgets, it’s no surprise that IT and security teams have relaxed some of the core cybersecurity requirements that seem a little more mundane or expendable,” said Mark Bowling, ExtraHop’s chief risk, security and information security officer.
“The likelihood of a ransomware attack is inversely proportional to the size of the unmitigated surface attack area, which is an example of cybersecurity debt. The liabilities, and ultimately the financial damage, that result from this deprioritization increases cybersecurity debt and opens up more risk to equal opportunity companies.”
“Gaining greater network visibility with an NDR solution can help uncover the cyber truth and shed light on the most pressing vulnerabilities so they can better manage their cybersecurity debt.”
