83% of ransomware-hit firms paid ransom at least once


  • An alarming 83% of the individuals who were targeted acknowledged having paid the ransom on at least one occasion.
  • The data reveals a link between cybersecurity debt and occurrences of ransomware incidents.

The debate over whether organizations should pay ransoms in ransomware incidents often centers around the importance of promoting cybersecurity awareness. Last week, news emerged about Australian financial company Latitude Group Holdings, which announced its decision not to succumb to criminals’ ransom demands following a cyberattack the previous month. They asserted that doing so would harm customers and the broader community by encouraging more attacks.

While a few companies may have followed Latitude’s example by refusing to pay ransoms, a striking 83% of those who fell victim admitted to paying the ransom at least once, according to ExtraHop’s 2023 Global Cyber Confidence Index: Cybersecurity Debt Drives Up Costs and Ransomware Risk report.

The study, contrasting IT leaders’ cybersecurity practices with the actual attack landscape, revealed a significant rise in ransomware incidents – from an average of four attacks over five years in 2021 to four attacks within just one year in 2022.

The costs of data breaches continue to increase every year. Ransomware payments are not getting any cheaper either, especially with most ransoms being paid in cryptocurrency. Businesses will eventually realize that paying a ransom actually costs a lot more than implementing and improving their cybersecurity. Backup and data recovery services need to be prioritized, as does increasing cybersecurity awareness among employees.

As organizations face a growing number of attacks, the data shows they are overwhelmed by cybersecurity debt – unresolved security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, and insecure network protocols that serve as entry points for malicious actors.

Apart from that, most organizations have not moved on from outdated cybersecurity practices and are lacking good cyber hygiene. Both of these may not be the major cause of ransomware but are contributing factors that can enable cybercriminals to easily launch…
