Most businesses give in to ransomware attacks and pay out

Ransomware
(Image credit: Pixabay)

Despite cybersecurity experts and law enforcement agencies warning against yielding to ransom demands, most organizations still paid their way out on at least one occasion.

As per the 2023 Global Cyber Confidence Index from network detection and response (NDR) firm ExtraHop, of all the organizations that suffered a ransomware attack, 83% admitted to paying the perpetrators at least once.

At the same time, the number of attacks has risen dramatically in recent years. ExtraHop says that in 2021, an average company reported suffering four attacks in five years; last year, however, it was four attacks in just one year. The researchers said this was made possible, among other things, due to significant security debt.

Drowning in security debt

In fact, organizations are “drowning” in unaddressed security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, insecure network protocols, and similar. 

More than three-quarters (77%) of IT decision-makers said outdated cybersecurity practices were to blame for at least half of the incidents they experienced, but at the same time, fewer than a third said they would be addressing these problems immediately.

Virtually all (98%) are running at least one insecure network protocol, up 6% year-on-year. SMBv1, a protocol that “played a significant role” in WannaCry and NotPetya, is in use by more than three-quarters (77%) of firms today. 

In addition, 53% of firms are running critical devices that can be accessed and controlled from a remote location, while 47% have some critical devices exposed to the public internet.

“As organizations find themselves overburdened by staffing shortages and shrinking budgets, it’s no surprise that IT and security teams have deprioritized some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,” said Mark Bowling, ExtraHop's Chief Risk, Security and Information Security Officer. 

"The probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt. The liabilities, and, ultimately, financial damages that result from this deprioritization compounds cybersecurity debt and opens organizations up to even more risk." 

"Greater visibility into the network with an NDR solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt."

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.