Ransomware affects 90 percent of companies in the past year

Despite increased spending on cybersecurity, a new report reveals that 90 percent of organizations were affected by ransomware in some way over the past 12 months, up from last year's 72.5 percent.

The study from SpyCloud shows that security efforts are being stepped up, the number of organizations that have implemented or plan to implement multi-factor authentication jumped 71 percent, from 56 percent the previous year to 96 percent. Monitoring for compromised employee credentials also increased from 44 percent to 73 percent.

Yet the survey reveals organizations are not only still falling victim but are increasingly likely to be hit more than once: 50 percent have been hit at least twice, 20.3 percent were hit between six and 10 times and 7.4 percent attacked more than 10 times.

"Organizations are right to be concerned about unwitting insider threats -- their cybersecurity measures are failing to close gaps that are leading to ransomware attacks," says SpyCloud CEO and co-founder Ted Ross. "Organizations may not be aware that undetected malware infections on personal devices represent the riskiest of those gaps. This report shows organizations are spending time and money on solutions that leave sensitive data exposed. Even if security teams retrieve their organizations' data, once it's circulated on the dark web, criminals can use it for more destructive activities -- including their next attack."

According to 87 percent of respondents, reports of credential-stealing malware such as RedLine Stealer have elevated their organization's concern over unmonitored personal devices as a potential entry point for ransomware. Unmanaged devices pose a great concern because security teams are unable to monitor them for threats such as malware and third-party application exposures.

"Effective ransomware prevention strategies must focus on the entry points security teams can’t see – the cloaked attack surface that includes third-party applications and unmanaged machines outside their standard monitoring purview," adds Ross. "A single malware-infected device can compromise hundreds of corporate applications. Even after the malware is removed, the damage is done unless all of those applications are properly remediated post-infection -- otherwise doors remain open for ransomware and other critical threats to the enterprise."

You can get the full report on the SpyCloud site.

Image credit: Andrey_Popov/ Shutterstock