Increased Data Recovery and Ransom Payments Are Stimulating the Ransomware Industry, Finds ‘2020 CDR’
Record-Setting Cyberattacks and Rising Shortage of Skilled IT Security Personnel Prompt 85% of IT Professionals to Favor Security Products Featuring Machine Learning and AI
CyberEdge Group, a leading research and marketing firm serving the security industry’s top vendors, announced the availability of its seventh annual Cyberthreat Defense Report (CDR). The award-winning CDR has rapidly become the de facto standard for assessing organizations’ security posture, for gauging perceptions of IT security professionals, and for ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions.
“This year, both good news and bad news are stimulating growth of the multi-billion-dollar ransomware industry”
Ransomware attacks break a record
New this year, the report uncovered two trends that are stimulating record-setting ransomware attacks:
- More ransom payers are successfully recovering their data. In 2018, only 49 percent of ransom payers successfully recovered their data. That number rose to 61 percent in 2019. Today, 67 percent of ransom payers have recovered their data.
- More payments are incentivizing the ransomware industry. In 2018, only 39 percent of ransomware victims actually paid the ransom. In 2019, that number rose to 45 percent. Today, an alarming 58 percent of victimized organizations have paid ransoms.
In 2018, CyberEdge was the first research firm to quantify data recovery rates for ransom payers. Following the company’s announcement that less than half of ransom payers successfully recovered their data that year, cybercriminals started to realize that withholding encrypted data after receiving ransom payments is bad for business.
Recommended AI News: Can Coding Bootcamps Help to Change Your Career?
Since then, data recovery rates for ransom payers have gone up. Unfortunately, the increased likelihood for data recovery is motivating more organizations to pay ransoms, which in turn is stimulating growth of the ransomware industry. Last year, 56 percent of organizations were compromised by ransomware. That number rose to 62 percent this year – a new record.
“This year, both good news and bad news are stimulating growth of the multi-billion-dollar ransomware industry,” says Steve Piper, founder and CEO of CyberEdge Group. “To combat ransomware and other threats, I advise IT security organizations to invest wisely in products that continuously discover and patch vulnerabilities, uncover advanced threats using machine learning and artificial intelligence, and continuously back up their data everywhere. I also recommend organizations invest more in their people, including training and certification for IT security personnel and ongoing security awareness training for all employees. Never underestimate the value of the human firewall.”
Severe staffing shortages plague IT security
A severe shortage of IT security talent is driving important changes in technology and practices. The CDR found 85 percent of organizations are experiencing a shortfall of skilled IT security personnel, and survey respondents cited “lack of skilled personnel” as their biggest obstacle to adequately defending against cyberthreats. This crisis is leading to strong preferences for technologies that can increase the productivity of existing IT security teams, such as security orchestration, automation and response (SOAR), advanced security analytics, and security products that feature ML and AI technologies.
Recommended AI News: Future FinTech Announces Headquarters Relocation to Beijing
Additional key findings
The 2020 CDR yielded dozens of insights into the challenges IT security professionals faced last year and the challenges they’ll likely continue to face for the rest of this year. Key findings include:
- Successful cyberattacks at record levels. For the first time in CDR history, four out of five organizations (81 percent) experienced at least one successful cyberattack, up from 78 percent the prior year.
- Hottest security technologies for 2020. Next-generation firewalls (NGFWs), containerization (e.g., browser isolation, micro-virtualization), application container security tools, threat intelligence platforms (TIPs) and services, and SOAR are among the most sought-after security technologies in 2020.
- The new app security “must haves.” API gateways, database firewalls, and web application firewalls (WAFs) are this year’s most widely deployed application and data security technologies.
- Decryption deficit. Surprisingly, only a third (35 percent) of SSL/TLS-encrypted w********** is decrypted for inspection by network security devices, opening up the door to undetectable encrypted cyberthreats and associated data exfiltration.
- Training and certification in demand. The vast majority of IT security professionals (87 percent) who haven’t received formal training would welcome it. Two-thirds (67 percent) of IT security professionals who haven’t yet achieved a security professional certification plan to get started in 2020.
- Security’s weakest links. For the third straight year, application containers are rated as the IT component most difficult to secure, followed by operational technology (OT), Internet of things (IoT) devices, and mobile devices.
- Putting trust in zero trust. Of those organizations who haven’t started assembling a zero-trust network architecture, 67 percent plan to get started in 2020.
- Security’s slice of the IT budget pie. On average, IT security consumes 12.8 percent of the overall IT budget, up from 12.5 and 12.1 percent in the preceding two years.
“Consistent, informed research is invaluable to decision makers—and in my experience, research that is repeated year after year with the same focus and methodologies is the most valuable,” said Richard Stiennon, chief research analyst with IT-Harvest. “For seven years, the Cyberthreat Defense Report has provided an annual look at how IT security professionals perceive threats and take actions to counter them. I find it interesting that in this year’s report, almost 20 percent of respondents did not have a single breach in the last 12 months. That supports my contention that good cyber defense is possible. Of course, that means addressing the critical factors identified in the CDR, including finding and hiring qualified IT security staff. To this end, I will continue to refer to the latest CDR to form my perspective of the industry and where it is heading.”
Recommended AI News: Tradeshift Engage Accelerates Full Supply Chain Digitization With Seller-Focused Incentives
Comments are closed, but trackbacks and pingbacks are open.