SpyCloud researchers recently reported that an overwhelming majority of cybersecurity leaders surveyed (81%) believe their organization’s security is above average or exceptional. At the same time, 72% reported that their organization was affected by ransomware at least once within the past twelve months, with 18% reporting they were impacted more than six times in the past year. With regard to the frequency of attacks, SpyCloud’s report states that “Organizations of all sizes were affected nearly to the same extent, with the exception of those with more than 25,000 employees.”
In addition, only 18% of survey respondents believe a ransomware incident is not likely to happen at their organization within the next year, while 13% believe it’s very likely to happen at least once, and 22% believe it’s very likely to happen multiple times. Businesses’ confidence in their preparedness for ransomware is demonstrably misplaced.
This gap between organizations’ perception of their “cyber maturity” and the reality of their vulnerability to ransomware attacks stems from a failure to invest in prevention. While respondents identified phishing emails and weak or stolen credentials as the riskiest ransomware attack vectors, many lacked basic password hygiene and prevention measures. For example, 41% lack a password complexity requirement, and only 55.6% have implemented multifactor authentication (MFA).
Business leaders are acutely aware of the dangers they face. Despite the rising costs of cybersecurity, organizations are prioritizing their investments in cybersecurity defenses more than ever before. The biggest hindrance is the lack of skilled security personnel, followed closely by low security awareness among employees.
To combat the threat of ransomware, prevention and vigilance are key. While people may be organizations’ greatest source of vulnerability, they are also critical to closing the riskiest entry points for cybercriminals. Increasing security awareness, implementing protocols to improve password hygiene, and monitoring for exposed credentials so they can be changed before criminals use them to infiltrate corporate networks are basic preventative steps that all companies should take.
SpyCloud’s 2021 Ransomware Defense Report analyzes a survey of IT security professionals and executives from a cross-section of small, mid-market, and large enterprises regarding how they view the threat of ransomware attacks and the maturity of their cybersecurity defenses between August 2020 and August 2021.
Read the full report by SpyCloud.