According to recent findings, the percentage of organizations hit with ransomware attacks jumped to 66% in 2021, representing a 29% year-over-year increase. As these and other cyber-attacks become more complex, all American organizations are at risk, yet still struggle to prevent attacks in the first place.
The study, conducted in early 2022, is a worldwide, vendor-agnostic survey of 5,600 IT professionals detailed how organizations responded to the heightened cyber-attack environment of the previous year. Out of those surveyed, some 88% of organizations reported they have sufficient cybersecurity talent, budget and resources, but many were unaware of recent threats and are unable to secure the right talent to develop a proactive cybersecurity strategy.
Ransomware attacks start at the email level, in the form of phishing scams. These vary in their messaging and type, but most RaaS (Ransomware-as-a-Service) companies due their homework before an attack. In many cases, the phishing scheme uses fake invoicing from known vendors, insurance forms, or even more sophisticated, researched form. After all, they have millions from ransoming other companies, so they invest in making themselves look at legitimate as possible.
Many organizations feel their backups and cyber insurance is a viable strategy, but nearly none are taking steps to prevent an attack; and worse, the main target of these attacks are their website and email, which are not given a second thought by most of them. The reality is, cybersecurity starts at the website / email level and continues to internal networks, just like the path cyber-criminals take to hold them hostage.
Ransomware Attack Volume And Complexity Are Increasing
According to the same report, Ransomware attacks increased by 78% throughout the course of 2021. Two in three organizations were hit overall and a joint report by Cyber Security Works noted that the number of vulnerabilities associated with attacks grew from 223 to 288 in 2021. This reflects the increasing reach and complexity of attack methods, largely due to the growing success of ransomware-as-a-service—an attack model where ransomware franchisers provide data encryption and ransomware collection tools to attackers in exchange for a percentage of the ransom collected. This makes ransomware more accessible by reducing the skill level required to deploy it.
Ransomware attackers have also become more successful at encrypting data overall. According to the study, in 2021, 65% of attacks resulted in data encryption on the part of attackers—up 11% from 2020. And beyond increased encryption, 72% of organizations reported challenges in at least one of three major areas: increased overall volume of attacks, increased complexity of attacks and increased impact of attacks. Together, these factors comprise a threat landscape that is more difficult for organizations to mitigate—and more costly if they can’t.