To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says
Does an organization’s readiness for a potential ransomware attack protect it from being victimized? Not necessarily, a raft of new, global data found.
More than three out of four organizations detected ransomware attacks early, yet half were still victimized by a hijack, cybersecurity provider Fortinet determined in a new study.
569 Cyber Leaders Surveyed
The findings in Fortinet’s newly released 2023 Global Ransomware Report, which surveyed some 569 cybersecurity leaders from 31 different locations around the world, included the following top-level data:
- The global threat of ransomware remains at peak levels, with half of organizations across all sizes, regions and industries falling victim in the last year.
- The top challenges to stopping a ransomware attack were people and process related, with many organizations lacking clarity on how to secure against the threat.
- There are a range of technologies viewed as essential to prevent ransomware, with an overwhelming majority prioritizing an integrated approach to security.
- Despite the global macroeconomic environment, security budgets will increase in the next year with a focus on AI/ML technologies to speed detection, centralized monitoring tools to speed response, and better preparation of people and processes.
Commenting on the findings, John Maddison, Fortinet executive vice president of products and chief marketing officer, said:
“These results demonstrate the urgency to move beyond simple detection to real-time response. However, this is only part of the solution as organizations cited the top challenges in preventing attacks were related to their people and processes. A holistic approach to cybersecurity that goes beyond investing in essential technologies and prioritizes training is essential.”
Preparation Not Always Enough
Digging deeper into the survey results shows a significant disconnect between respondents’ level of preparedness with existing strategies and their ability to stop a ransomware attack:
- 78% of organizations stated they were “very” or “extremely” prepared to mitigate an attack but 50% fell victim to ransomware in the last year, and almost half were targeted two or more times.
- Four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training, and no clear chain-of-command strategy to deal with attacks.
In addition, despite law enforcement and cybersecurity experts’ urging targets not to pay ransoms, victims continued to pay up. As the survey showed:
- Despite most (72%) detecting an incident within hours, and sometimes minutes, the percentage of organizations paying ransoms remains high, with almost three-quarters of respondents making some form of ransom payment.
- When comparing across industries, organizations in the manufacturing sector received higher ransoms and were more likely to pay the fee.
- Specifically, one quarter of attacks among manufacturing organizations received a ransom of $1 million or higher.
Cyber Insurance Lacking
While almost all organizations (88%) reported having cyber insurance, almost 40% didn’t receive as much coverage as expected and, in some cases, didn’t receive any because of an exception from the insurer. Accordingly, the study found:
- Despite economic uncertainty, security budgets are expected to increase.
- Nearly all organizations (91%) expect increased security budgets in the next year.
- Organizations were most concerned with IoT Security, SASE, cloud workload protection, NGFW, EDR, ZTNA, and security email gateway.
- The number of respondents citing ZTNA (zero trust network access) and secure email gateway increased by nearly 20% as compared to last year.
- Given the omnipresence of email phishing, the respondents view secure email gateway (51%) with higher importance. However, other essential protections, such as sandboxing (23%) and network segmentation (20%) remained low on the list.
In the future, top priorities for respondents will be investing in advanced technology powered by AI and ML to enable faster threat detection and central monitoring tools to speed response, according to the survey.