Survey reveals that organizational ransomware payments may be reaching worrying levels
- Published: Wednesday, 13 June 2018 08:25
Radware has published its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53 percent) reported paying a hacker’s ransom following a cyber attack.
“A ransom payment may make the problem go away for now, but these types of responses won’t drive a business forward,” said Anna Convery-Pelletier, chief marketing officer at Radware. “A reactionary security strategy limits an organization’s ability to secure customer data, protect their brand’s reputation, and achieve business goals. Investing in appropriate security solutions is no longer simply an IT expense, it is fundamental to a business’ long term success.”
According to the report, 69 percent of executives said that their company faced a ransom attack in the past year, compared with only 14 percent noting so in 2016. Meanwhile, two-thirds of executives (66 percent) report a lack of confidence in their network security, admitting their networks are penetrable by hackers.
Beyond more frequent ransom payments, organizations are facing significant consequences and concerns related to cyber attacks. In a sign that consumers will not accept data breaches, 41 percent of executives noted their organization faced legal action from customers following a breach. At the same time, executives stated that their biggest concerns associated with cyber attacks are customer loss (41 percent) and brand reputation loss (34 percent).
In the midst of all this, organizations still struggle to implement tools that would drastically improve their cybersecurity posture. While more than one in three (35 percent) executives noted that encrypted attacks would be detrimental to their organization, 41 percent reported that they continue to review the legalities of decrypting traffic on their network, a process needed to significantly reduce the threat of encrypted threats.
Other highlights from the report include:
Have we reached an automation tipping point? The complexity of networks and changing attack vectors have led companies to invest in automated and machine-learning security tools. Over the past two years, 71 percent of executives report shifting network security spending to investments in automated security.
Gaps between clouds create major security risk. More than 90 percent of executives report using multiple public and private cloud environments as part of their companies’ IT infrastructure, and most companies host up to 50 percent of their business applications in the cloud. C-suite executives clearly understand that dispersing their network across multiple public and private clouds introduces security risks however. The vast majority of respondents (96 percent) are very or somewhat concerned about network vulnerabilities created by using multiple clouds.
Executives reveal their most detrimental security threats: 38 percent of executives report daily or weekly attacks. Executives feared social engineering (38 percent), Ransomware (38 percent) and Malware (37 percent) as the most detrimental to their business, followed closely by IoT botnet powered DDoS attacks (35 percent), and Encrypted (35 percent) attacks.
Nation state attacks motivate security upgrades for American organizations. US executives in particular were more likely than their peers in EMEA and APAC to say that attacks by nation-states have influenced security changes. More than half of US executives pointed to nation-state threats as a motivator, while just 30 percent in the APAC region, and 41 percent in the EMEA region said so.
Companies react when peers are attacked. Approximately 61 percent of executives said that watching attacks on peer companies influenced their decision to change security policy. Almost as many, 59 percent, said attacks on their own organizations had prompted changes in their security posture.
On behalf of Radware, Merrill Research surveyed 232 executives from across the globe. To participate in the 2018 Executive Application & Network Security respondents were required to be a company with at least 250 million USD/EUR/GBP/RMB in revenue and hold a title of senior vice president level or higher.