Organizations around the globe face the daunting reality of dealing with ransomware attacks. According to the 2023 Global Cyber Confidence Index from cloud network detection and response provider ExtraHop, the number of ransomware attacks have risen from four to five this year, with 83% of all victimized organizations actually paying the ransom. This puts an average price tag of $925,162 on organizations. Although the FBI and CISA caution against paying these ransoms, many entities choose that route instead of enduring the further operational disruption and data loss they would suffer.
Meanwhile, cyber gangs are utilizing the “double extortion” modus operandi — stealing data before encrypting it and then threatening to publish it online — to pressure companies into giving in to their demands. Yum! Brands, the parent company of KFC, Taco Bell and Pizza Hut, is the latest victim of a ransomware attack.
The underlying theme of ExtraHop’s report is that these attacks are enabled by vulnerabilities in unpatched software, unmanaged devices and shadow IT. The company found that almost 80% of IT decision makers agree that aged cybersecurity practices negligently lead to at least half of all security incidents. Organizational debt created by failing to address these weaknesses give threat actors leverage to target companies, often with devastating consequences.
ExtraHop’s Mark Bowling, Chief Risk, Security and Information Security Officer, believes that “the probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area” and warns of the financial damages that mount with “de-prioritization” of cyber security.
Jamie Moles is the Senior Technical Manager at ExtraHop. His job is to figure out the root causes of cyber attacks and suggest solutions to prevent them. With a master’s degree in computing security and a decade of experience in the cybersecurity field, Mr. Moles’ outlook is valuable when it comes to understanding the mechanisms of successful ransomware attacks.
Organizations need to be aware of their vulnerabilities before it’s too late and take steps to protect themselves from ransomware attacks. Taking steps to keep up with patching and monitoring devices connected to the network is essential in maintaining an organization’s cyber defense. Doing so is the best way to protect businesses from becoming victims of ransomware.
