We all know that law enforcement doesn’t want you to pay. Government officials who say paying ransomware demands is a no-no are joined by cybersecurity experts who also say not to yield to those demands.
Still, a survey done by the 2023 Global Cyber Confidence Index and the cyber detection experts at ExtraHop says 83% of businesses admit to paying the ransom.
ExtraHop says that’s not surprising. It says most businesses are “drowning” in security vulnerabilities that are never addressed. These are things like unpatched software, devices that aren’t properly managed and network protocols that are not secure.
It said that in 2021, a company that got hit often reported four attacks in five years. Last year, it was four attacks in one year.
A huge percentage of IT decision makers — 77% — said outdated cybersecurity practices within the company are to blame for half of the attacks. Sadly, fewer than 33% said they’re going to address those issues.
So the businesses pay the ransom rather than fix things.
Mark Bowling is ExtraHop’s Chief Risk, Security and Information Security Officer. He said a huge problem is that 53% of companies are running devices that are critical to the company’s security from remote locations. Another 47% say they have critical devices exposed to the public internet.
“As organizations find themselves overburdened by staffing shortages and shrinking budgets, it’s no surprise that IT and security teams have deprioritized some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,” Bowling said. “The probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt. The liabilities, and, ultimately, financial damages that result from this deprioritization compounds cybersecurity debt and opens organizations up to even more risk.”
Source link: TechRadar — https://bit.ly/3mHExjI