SpyCloud released its 2021 Ransomware Defense Report on Tuesday to provide an insightful analysis of the perceived threat of ransomware attacks and the maturity of cybersecurity defense systems across leading information technology security companies.
Despite the increasing frequency and elevated concern of high-profile attacks, like the 2020 SolarWinds breach and the recent Colonial Pipeline ransomware attack, SpyCloud’s report found that companies may still be falsely confident in their cybersecurity capabilities and underprepared to combat future attacks.
“This report indicates a disturbing misplaced confidence that defenses never fail or that paying a ransom after an attack will always work – they do, and it won’t,” said Ted Ross, co-founder and CEO of SpyCloud.
As part of its research, SpyCloud surveyed 250 participants, the majority of whom hold senior-level IT security roles including CIOs, CISOs and security directors, across a broad scope of organization sizes ranging from 500-25,000 employees.
A staggering 72 percent of surveyed organizations reported ransomware attacks within the last year, and during that time period, the cost of ransomware recovery has more than doubled from $760,000 to $1.85 million.
However, out of the 81 percent of survey participants who reported their security as exceptional or above average, only 55 percent have implemented multi-factor authentication measures, and 41 percent do not require password complexity, one of the most basic and low-cost forms of cyber protection available.
SpyCloud’s report revealed that too many companies are investing in recovery efforts after attacks occur, rather than getting ahead of cybersecurity breaches with preventative measures.
The most common entry points, and in turn the most glaring security weaknesses, SpyCloud found, are phishing emails with infected attachments or links and weak or stolen credentials.
To secure these entry points, companies must implement MFA measures, require more robust and complex passwords and increase employee awareness of phishing emails.
“Ransomware is a real problem, and it’s growing, but there are concrete steps organizations can take to prepare,” Ross shared. “Proactively implementing preventative solutions is the key to disrupting ransomware early in the lifecycle and successfully mitigating the damage.”
With cybersecurity at the forefront of national security concerns, ExecutiveBiz is hosting its Supply Chain Cybersecurity: Revelations and Innovations event on October 26th, which will gather elite cyber experts to examine the urgent challenges, obstacles and innovation opportunities facing the nation’s supply chain and essential cybersecurity capabilities today.