Most Canadian firms pay a ransomware gang, latest CIRA survey suggests

/in


The vast majority of organizations in this country are still giving in and paying ransomware gangs after successful attacks, the annual survey of infosec pros by the Canadian Internet Registry Authority (CIRA) suggests.

That’s one possible conclusion from the results of an online survey of 500 Canadian cybersecurity professionals from organizations that had at least 50 employees that was released Tuesday by CIRA.

CIRA oversees the .ca registry.

Released in conjunction with Cybersecurity Awareness Month, the survey shows 41 per cent of respondents said their organization had experienced an attempted or successful cyber attack in the last 12 months. Of those, 23 per cent said that their organization had been a victim of a successful ransomware attack in the last 12 months, one per cent more than 2022.

And of those, 70 per cent said their organization paid ransom demands — and nearly a quarter of those paid up to $100,000. The responses are roughly similar to those of previous CIRA surveys. In 2022, 73 per cent of those hit by ransomware said their firm paid up, while 69 per cent said their firm paid a ransom in 2021.

The numbers “went the wrong way in terms of a trend this year,” admitted Jon Ferguson, CIRA’s general manager of cybersecurity.

“The challenge for a lot of organizations is if they’re not well prepared for an attack before it happens, remediation may not be easy,” he said. “So they perceive paying is the simplest resolution of the problem. Maybe they lack the ability to recover without getting access (to data) back.”

They may also be worried about damage to their reputation if word gets out about a ransomware attack, he added.

Asked why in 2023 an organization would not be well prepared for ransomware, Ferguson said some firms may have trouble understanding the threats new technologies adopted by IT will pose.

He also noted evidence in the survey numbers that IT pros recognize ransomware is a problem. Three-quarters of respondents said they would support a law forbidding organizations from making ransom payments. (That’s up from 64 per cent in the 2021 survey).

Among other troubling survey numbers pointed out to Ferguson, 64 per cent of…

Source…