Many global organizations recently experienced ransomware attacks in which cybercriminals used malware to encrypt data, systems and networks until a ransom was paid, according to a survey of 605 IT executives conducted by cybersecurity services company Radware.
Key findings from the Radware "2017-2018 Global Application & Network Security Report" included:
- 24 percent of survey respondents reported daily or weekly cyberattacks.
- 42 percent experienced ransomware attacks last year, a 40 percent increase from 2016.
- 50 percent experienced a cyberattack motivated by ransom in the past year; respondents also ranked ransom as the leading motivation for cyberattacks.
- 72 percent are not well prepared for the European Union's General Data Protection Regulation (GDPR), which takes effect May 25. In addition, 16 percent of these respondents cannot define GDPR.
- 80 percent do not calculate the costs of cyberattacks.
- Data leakage/information loss (28 percent) was the top-ranked security concern, followed by service level degradation/outage (23 percent).
- Security misconfigurations (26 percent) and application vulnerabilities (23 percent) were cited as top risks in cloud environments.
Approximately one-third of survey respondents lack an emergency response plan, despite the dangers associated with cyberattacks, Radware indicated. Also, after one in four cyberattacks, a customer will leave or sue the attacked organization, the survey showed.
How to Prepare for Cyberattacks
Many organizations are deploying internet-connected devices in an insecure manner, Radware indicated. However, organizations that understand cyber threats can quickly address cyberattacks and prevent these attacks from causing long-lasting damage.
Radware offered the following tips to help organizations mitigate the effects of cyberattacks:
- Fight AI with AI. Cybercriminals are using artificial intelligence (AI) to automate cyberattacks. Conversely, organizations can leverage cybersecurity applications to detect cyberattack patterns and anomalies and identify suspect pieces of code that otherwise may lead to zero-day attacks.
- Protect APIs. Application programming interfaces (APIs) simplify architecture and delivery but introduce cyber risks and vulnerabilities, and organizations must find ways to secure APIs to minimize risk.
- Understand the different types of proxy attacks. Three types of proxy attacks likely will affect organizations in the foreseeable future: attacks against content delivery network (CDN) proxies, watering hole attacks and side channel attacks. Learning about these proxy attacks can help an organization limit their potential impact.
- Address social engineering attacks. Social engineering attacks involve the use of deceptive techniques to trick individuals into providing information or access to systems. Teaching employees about phishing and other types of social engineering attacks can help organizations address these attacks before they escalate.
Hackers and their methods are become increasingly automated, Radware VP of Security Solutions Carl Herberger said in a prepared statement. As such, organizations must be proactive, Herberger stated, to find ways to protect their businesses against a wide range of cyber risks.
