Tweet
Despite cybersecurity experts and law enforcement agencies warning against yielding to ransom demands, most organizations still paid their way out on at least one occasion.
As per the 2023 Global Cyber Confidence Index from network detection and response (NDR) firm ExtraHop, of all the organizations that suffered a ransomware attack, 83% admitted to paying the perpetrators at least once.
At the same time, the number of attacks has risen dramatically in recent years. ExtraHop says that in 2021, an average company reported suffering four attacks in five years; last year, however, it was four attacks in just one year. The researchers said this was made possible, among other things, due to significant security debt.
[HEADING=1]Drowning in security debt[/HEADING]
In fact, organizations are âdrowningâ in unaddressed security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, insecure network protocols, and similar.
More than three-quarters (77%) of IT decision-makers said outdated cybersecurity practices were to blame for at least half of the incidents they experienced, but at the same time, fewer than a third said they would be addressing these problems immediately.
Read more
Virtually all (98%) are running at least one insecure network protocol, up 6% year-on-year. SMBv1, a protocol that âplayed a significant roleâ in WannaCry and NotPetya, is in use by more than three-quarters (77%) of firms today.
In addition, 53% of firms are running critical devices that can be accessed and controlled from a remote location, while 47% have some critical devices exposed to the public internet.
âAs organizations find themselves overburdened by staffing shortages and shrinking budgets, itâs no surprise that IT and security teams have deprioritized some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,â said Mark Bowling, ExtraHopâs Chief Risk, Security and Information Security Officer.
âThe probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt. The liabilities, and, ultimately, financial damages that result from this deprioritization compounds cybersecurity debt and opens organizations up to even more risk.â
âGreater visibility into the network with an NDR solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt.â
[ul]
[li]Check out our list of the best firewalls around[/li][/ul]
Continue readingâŚ
As per the 2023 Global Cyber Confidence Index from network detection and response (NDR) firm ExtraHop, of all the organizations that suffered a ransomware attack, 83% admitted to paying the perpetrators at least once.
At the same time, the number of attacks has risen dramatically in recent years. ExtraHop says that in 2021, an average company reported suffering four attacks in five years; last year, however, it was four attacks in just one year. The researchers said this was made possible, among other things, due to significant security debt.
[HEADING=1]Drowning in security debt[/HEADING]
In fact, organizations are âdrowningâ in unaddressed security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, insecure network protocols, and similar.
More than three-quarters (77%) of IT decision-makers said outdated cybersecurity practices were to blame for at least half of the incidents they experienced, but at the same time, fewer than a third said they would be addressing these problems immediately.
Read more
Many CISOs are drowning in âsecurity debtâ
The explosion of digital identities and growth of cybersecurity debt
These are the best endpoint protection tools today
The explosion of digital identities and growth of cybersecurity debt
These are the best endpoint protection tools today
In addition, 53% of firms are running critical devices that can be accessed and controlled from a remote location, while 47% have some critical devices exposed to the public internet.
âAs organizations find themselves overburdened by staffing shortages and shrinking budgets, itâs no surprise that IT and security teams have deprioritized some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,â said Mark Bowling, ExtraHopâs Chief Risk, Security and Information Security Officer.
âThe probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt. The liabilities, and, ultimately, financial damages that result from this deprioritization compounds cybersecurity debt and opens organizations up to even more risk.â
âGreater visibility into the network with an NDR solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt.â
[ul]
[li]Check out our list of the best firewalls around[/li][/ul]
Continue readingâŚ