Ransomware has remained a persistent and pervasive threat to organizations around the world, with India hardest hit in the Asia Pacific region, according to a report by cybersecurity firm CrowdStrike, Inc.

According to the 2021 CrowdStrike Global Security Attitude Survey, conducted by independent research firm Vanson Bourne, ransomware has been an ongoing threat, costing organizations nearly $2 million on average.

India has been hardest hit by ransomware in the Asia-Pacific region, with 76 percent experiencing a ransomware attack this year, compared to 61 percent in Japan, 64 percent in Singapore and 67 percent in Australia.

Furthermore, 26 percent of Indian respondents said they had paid between $1 million – $2.5 million as a result of ransomware attacks in the past 12 months compared to 25 percent in Japan, 14 percent in Singapore and 42 percent in Australia .

Additionally, 27 percent of Indian respondents said they had paid between $500,000 and $1 million in extortion fees for ransomware, compared to 33 percent in Japan, 29 percent in Singapore, and 19 percent in Australia.

Globally according to the survey, average ransomware revenue increased by 62.7 percent in 2021 (from $1.1 million in 2020 to $1.79 million in 2021).

Ransomware payments averaged $1.34 million in Europe, the Middle East, and Africa, $2.35 million in the Asia Pacific region, and $1.55 million in the United States.

It was further noted that the average ransom demand from the attackers was $6 million.

“While attackers are not getting the amounts they seek, they still earn huge salaries,” the report said. “CrowdStrike attributes this to companies’ understanding of both the threat and their exposure, and their ability to negotiate with attackers,” the report said.

Moreover, “organizations are almost universally subjected to ‘double extortion’, when attackers not only demand a ransom to decrypt data, but additionally threaten to leak or sell the data unless the victims pay more.”

The survey showed that 96 percent of organizations that paid ransoms had to pay additional extortion fees, costing companies an average of $792,493. Additionally, 66 percent of organizations surveyed have experienced at least one ransomware attack in the past 12 months.

In terms of security, 45 percent of Indian organizations felt that the lack of accurate threat intelligence was a major barrier to creating a better security posture against ransomware attacks. This compares with 36 percent in Japan, 55 percent in Singapore and 39 percent in Australia.

Nation-state attacks

In India, 58 percent of respondents further said they feel the greatest threat from cyber attacks coming from China followed by Pakistan (47 percent).

The report added that China represented a common threat across regions with 76 percent in Japan, 66 percent in Singapore and 53 percent in Australia.

For 88 percent of respondents, cyber attacks sponsored by Russia and China “pose a clear and present risk to organizations in India,” compared to 87 percent in Japan, 86 percent in Singapore and 78 percent in Australia.

Also, 86 per cent of Indian respondents highlighted the threat of rising nation-state attacks. 76 per cent of respondents believe that the Indian government is taking necessary action against the threat actors to create a safe environment for organizations to operate compared to 50 per cent in Japan, 62 per cent in Singapore and 61 per cent in Australia.

The report also focused on organizations’ ability to detect threats. 36 percent of Indian respondents feel they are able to detect a cyber attack within one hour compared to 24 percent in Japan, 33 percent in Singapore and 36 percent in Australia.

The main reason cited for Indian organizations not being able to detect incursions was infrastructure. 62 per cent of respondents said their security infrastructure is made up of too many disparate solutions that do not easily integrate for proper protection and prevention compared to 47 per cent in Japan, 49 per cent in Singapore and 51 per cent in Australia.

Other concerns of Indian organizations included a lack of resources in the cybersecurity department (46 percent) and challenges of outdated infrastructure (46 percent).

Software supply chain attacks

The report also focused on software supply chain attacks that have caused major problems for organizations in recent years and are likely to continue to do so in the future.

56 percent of Indian organizations experienced an attack on the software supply chain compared to 41 percent in Japan, 36 percent in Singapore and 49 percent in Australia.

However, 60 percent of organizations had a comprehensive strategy in place when their organization experienced the first software supply chain attack compared to 20 percent in Japan, 39 percent in Singapore and 48 percent in Australia.

Indian organizations are also planning to use the following technologies to protect against software supply chain attacks in the next 12 months. Organizations are investing in technologies such as behavioral analytics (36 percent), threat intelligence (35 percent) and blockchain technology (35 percent) for better prevention.

“Furthermore, 80 per cent of Indian organizations said their vetting process has become more rigorous and more detailed checks are needed in the wake of recent attacks on the supply chain of high-profile software such as SolarWinds and/or Sunburst,” according to the report.

However, 72 percent of Indian respondents said they fully trust the security of their organization’s supply chain.

In addition, 66 percent of Indian organizations lose trust in legacy IT suppliers due to such attacks

“The survey presents a disturbing picture of the modern threat landscape, showing that adversaries continue to exploit organizations around the world and circumvent legacy technologies. Today’s threat environment is costing businesses around the world millions of dollars and causing in additional repercussions.

“The evolving remote workplace is sure to highlight challenges for companies as legacy software like Microsoft struggles to keep pace with today’s rapidly digital world. This makes a clear illustrative call that companies need to change the way they operate and evaluate more stringently the suppliers they work with,” Sentonas added.

“The threat landscape continues to evolve at an alarming pace and it is clear that modern organizations need a comprehensive end-to-end platform and cloud-native approach to address and address threats in an expedited manner,” added Sentonas.

The cybersecurity firm has also encouraged organizations to strive to fulfill the 10-1-60 rule. She explained that according to this rule, “security teams demonstrate the ability to detect threats within the first minute of a breach, investigate and understand the threat within 10 minutes, and contain and eliminate the threat within 60 minutes.”

CrowdStrike has commissioned independent technology market research specialist Vanson Bourne to conduct the quantitative research on which this white paper is based. A total of 2,200 senior IT decision-makers and IT security professionals were interviewed during September, October and November 2021, with representations across the US, Europe, Middle East, Africa and Asia Pacific regions.

Source link

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *