Cloud and hybrid environments present weak spots for ransomware attackers
The increased connectivity of business systems and devices is making it harder for organizations to defend against ransomware attacks according to a new report.
The study from Illumio, with research conducted by the Ponemon Institute, shows organizations perceive the cloud and endpoints as being the most vulnerable, and 34 percent say a lack of visibility across hybrid environments makes it difficult to respond to ransomware attacks.
Desktops and laptops remain the most compromised devices (65 percent), with phishing and software vulnerabilities cited as top entry points for ransomware. Over half (56 percent) of attacks moved across the network to infect other devices, with the top techniques used to move laterally and escalate system privileges being the exploit of weak passwords (53 percent), cached credential attacks (28 percent) and exploitation of unpatched systems (43 percent).
The implications of an attack can be severe. For example, 62 percent of UK organizations had to shut down operations following a ransomware attack. 41 percent lost customers, 37 percent had to eliminate jobs and 34 percent reported a significant loss of revenue.
"The consequences for a lot of organizations, depending on which sectors they're in, are actually much bigger from a disruption perspective compared to a data theft," says Trevor Dearing, director of critical infrastructure at Illumio. "So if you are an electricity company, water company, anything that fits in that space, if you lose some customer records that's a bad thing. But if the lights go out, that's a disaster. So, I think we are seeing a shift in that direction and that's also reflected in reports like the World Economic Forum Cyber Security Report, where their concern is becoming more about disruption than necessarily data theft."
The report also finds organizational challenges in defending against ransomware. 73 percent of those that experienced a ransomware attack didn't report it to law enforcement. Top reasons for not reporting include not wanting to publicize the incident (43 percent), being up against a payment deadline (40 percent) and fear of retaliation (36 percent).
Employees remain a weak link in security too, only forty percent of respondents say they are confident in the ability of employees to detect social engineering lures, and insider negligence is the top challenge when responding to ransomware attacks. 40 percent have specifically adopted AI to help combat ransomware, while 46 percent are concerned their organization may experience an AI-generated ransomware attack.
The full report is available from the Illumio site.
Image credit: AndreyPopov/depositphotos.com