Multiple-threat ransomware attacks become more common
It used to be the case that all you had to worry about with ransomware was encrypted data, but the latest Cyberthreat Defense Report (CDR) from CyberEdge Group reveals that last year 78 percent of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.
Additional threats include launching distributed denial of service (DDoS) attacks (42 percent), notifying customers or the media of the data breach (42 percent), and publicly releasing exfiltrated data (40 percent).
Among other findings industrial control systems (ICS), Internet of Things (IoT) devices, and mobile devices top the list of the IT components that respondents say are most challenging to secure. In addition 87 percent are experiencing a shortfall of security talent, with IT security administrators the role in greatest demand.
It's not surprising then that the vast majority of organizations are adopting emerging security technologies such as zero trust network architectures (92 percent), extended detection and response (93 percent), and secure access service edge (93 percent). The average information security budget is also up by 5.3 percent in 2023.
Security professionals are feeling more positive, however, the percentage of survey respondents who believe it's more likely than not that their employers will be victimized by a successful cyberattack of some kind in the coming year declined for the first time in six years, from 76 percent to 72 percent. In addition, their overall concern about cyberthreats is down too. One factor contributing to the improving sentiment is that the percentage of organizations experiencing at least one successful attack in 2022 (85 percent) declined for the second consecutive year.
"Security professionals rarely hear good news when it comes to cyberthreat statistics," says Steve Piper, founder and CEO of CyberEdge Group. "Although successful ransomware attacks are up, the percentage of organizations victimized by all classes of cyberthreats fell for the second straight year -- the first multi-year decline in CDR history. Overall concern for cyberthreats ticked down for the first time since the start of the pandemic, concern for web and mobile attacks is down, concern for cloud security challenges is down, and security professionals are starting to feel more optimistic. With increased adoption of modern cybersecurity defenses, the industry may finally have turned the tide against our cyber adversaries."
The 2023 Cyberthreat Defense Report is available from the CyberEdge site.