Security pros more confident about fending off ransomware, despite being battered by attacks
Data leak, shmata leak. It will all work out, right?
IT and security pros say they are more confident in their ability to manage ransomware attacks after nearly nine in ten (88 percent) were forced to contain efforts by criminals to breach their defenses in the past year.
Global data released today from the Ponemon Institute, which examined the responses of 2,547 individuals who have responsibilities to address ransomware attacks in their organizations, indicated increasing self-assurance in many of the important matters related to these raids. It's likely that exposure itself and the experience gained were key.
Compared to the previous batch of responses collected in 2021, there was actually a drop in those who thought their organization would be a target for ransomware (64 percent down from 68 percent in 2021).
Professionals also said they were less concerned about supply chain risks (56 percent were worried this time, down from 75 percent in 2021) and data leakage (52 percent down from 73 percent).
Brand name pain
The research also found that damage to a victim's brand now incurs the highest cost for an organization hit with ransomware. Dealing with the fall-out is seen as more costly than lost revenues due to downtime, engaging third-party forensics experts, and legal and regulatory actions.
Generally speaking, ransomware incidents that involve a bunch of people's data being plastered online are the more reputationally damaging ones.
Defenders' confidence has grown further in terms of the security controls used to protect their employers from ransomware. Fifty-four percent now believe their tools are up to the job of swatting away an attack, a big increase from 2021 when just 32 percent felt they were adequately armed.
Nearly half (45 percent) of all ransomware attacks began with phishing, the research found, and "insider negligence" was the most commonly cited root cause.
AI threats
Industry pros weren't asked about their thoughts on AI's impact on security in the 2021 report. Illustrating how much of a talking point the tech has become in recent years, Ponemon's research asked the question for the first time in 2024, revealing that just over half (51 percent) were highly or extremely concerned about an AI-generated ransomware attack.
By "AI-generated ransomware attack," Ponemon said it meant anything ranging from an attack which uses AI to increase the apparent authenticity of a phishing email to the technology used to automate any part of the attack path.
When ChatGPT and the other high-profile generative AI products hit the market a few years ago, there were (quickly debunked) fears that they could be used by any technically inept wannabe cyber gangster to quickly whip up some devastating malware.
Almost a year ago to the day, the UK's national cyber agency (NCSC) also warned that by 2025 AI could feasibly help nation-states develop malware capable of evading modern detection. It caveated the claim by saying the model used to develop those tools would need to be trained on high-quality exploit data, but the possibility remained real.
In reality, however, AI is being used more to finesse the code-writing of experienced developers rather than writing it all from a few prompts. It's also being used to help foreign criminals craft more convincing phishing lures, stamping out the telltale signs of non-native language use, for example.
The use of deepfakes, both audio and video, is also a growing threat to organizations, although one still in its infancy.
On the defense side, vendors have heavily marketed their AI-powered cyber solutions, and that's arguably where most of the AI noise is coming from in security of late. Yet Ponemon reported that only around 42 percent of pros have actually deployed any kind of AI-bolstered defense system.
Many hands, light work, etc
The time taken to remediate an organization's largest ransomware attack has fallen in comparison to 2021's data, the Ponemon research showed.
On average, it took defenders 132 hours to get back to working order, with the help of 17.5 people – staff and third parties, per the recent data. That's down from 190 hours with the help of 14 people in 2021.
From a staffing perspective only, the average cost of dealing with a ransomware incident in 2024 was $146,685, compared to $168,910 in 2021. Ponemon noted that the average cost is still high and, of course, drains the security budget that should otherwise be spent on technologies and people that could help mitigate or prevent subsequent attacks.
"Ransomware is more pervasive and impactful than ever, with more organizations forced to suspend operations or experiencing major business failure because of attacks," said Trevor Dearing, Director of Critical Infrastructure at Illumio, which sponsored the research.
"Organizations need operational resilience and controls like microsegmentation that stop attackers from reaching critical systems. By containing attacks at the point of entry, organizations can protect critical systems and data, and save millions in downtime, lost business, and reputational damage." ®