The 2023 Global Ransomware Report
While 78% of organizations believe they are ‘very’ or ‘extremely’ prepared to mitigate an attack, 50% still fell victim to ransomware last year Vishak Raman Vice President of Sales, India SAARC and Southeast Asia at Fortinet Executive summary Fortinet recently surveyed 569 cybersecurity leaders and decision-makers from organizations of all sizes and industries around the globe to understand their perspectives on ransomware, how it has impacted their organizations, and what strategies they have in place to mitigate a potential attack. In this year’s survey, more than 80% of respondents say they are ‘very’ or ‘extremely’ concerned about the threat of ransomware, yet a similar number (78%) of organizations surveyed also believe they are ‘very’ or ‘extremely’ prepared to thwart a breach. Despite those concerns and feelings of preparedness, half of the organizations surveyed still fell victim to ransomware last year. Of the organizations that experienced a ransomware incident, 71% said they paid at least a portion of the demanded ransom, even though 72% indicated they detected the incident within hours (often within minutes). And while nearly all respondents had cyber insurance, this didn’t guarantee that all costs would be covered, or data restored. In fact, only 35% of those affected by ransomware recovered all their data after the incident. It’s not all bad news, though. In fact, despite economic uncertainty, nearly all leaders surveyed (91%) expect increased security budgets in the coming year to invest in technologies and services that further safeguard their networks from a potential ransomware attack. In general, security leaders’ top priority is to implement advanced technologies such as artificial intelligence (AI) and machine learning (ML) that enable faster threat detection, followed by central monitoring to speed response. And specifically, Internet-of-Things (IoT) security and next-generation firewalls (NGFWs) topped the list of areas and products that leaders planned to invest in, with the greatest increase in plans to implement endpoint detection and response (EDR) and secure email gateway (SEG) solutions. This is a promising plan, as phishing emails were the number one method respondents reported ransomware actors used to gain entry. And of course, the endpoint is the ultimate destination of ransomware. “Though three out of four organizations detected ransomware attacks early, half still fell victim to them. These results demonstrate the urgency to move beyond simple detection to realtime response. However, this is only part of the solution as organizations cited the top challenges in preventing attacks were related to their people and processes. A holistic approach to cybersecurity that goes beyond investing in essential technologies and prioritizes training is essential” Interestingly, while many security leaders have traditionally believed that buying the best individual product for a project will yield the strongest cybersecurity posture, this year’s survey data indicates that those organizations that reported taking a point product approach were the most likely to become a victim of ransomware. However, technology is only part of the solution. The survey found that four out of the top five challenges in preventing ransomware were related to people and processes. As ransomware proliferates and attacker methods grow in sophistication, organizations of all shapes and sizes are a target, making it crucial that security leaders invest in the right technologies, people, and processes now to prevent a ransomware incident in the future. The Growing sophistication of ransomware makes every organization a target While ransomware has existed for decades, the global threat remains at peak levels. It also continues to become more sophisticated, causing increasing harm to organizations worldwide. According to observations from the FortiGuard Labs Incident Response (IR) team, financially motivated cybercrime accounted for the highest volume of incidents (74%) in 2022, with 82% of financially motivated cybercrimes involving the deployment of ransomware or malicious scripts. While year-over-year ransomware growth has slowed in 2022 – following the explosion of this attack method in 2021 – the frequency of it is still increasing. For example, in the first half of 2022, FortiGuard Labs observed the introduction of 10,666 new variants – that’s double the number seen in the six months prior.2 The likely reason for the change is that Ransomware-as-a-Service (RaaS) operations are maturing, enabling cybercriminals to successfully introduce new, more sophisticated, and aggressive variants than ever before. And they are also being more selective, specifically targeting organizations able to provide a large payout. In contrast to the early success of RaaS, which initially relied on volume – more affiliates meant more opportunities to infiltrate networks and launch attacks – RaaS operators are increasingly becoming more selective regarding the associates they allow to join their operations. This more systematic approach to executing ransomware attacks is yielding greater success. For starters, they’re spending more time conducting reconnaissance to identify lucrative targets, meaning that many ransom demands now reach well into the tens of millions of dollars. Additionally, the ransoms these groups are demanding from their targets now tend to be commensurate with the organization’s size and industry. Many cybercriminal organizations use a formula to determine what amount to ask for so that a victim is more likely to pay. This growing maturity of ransomware operations is to be expected, given that RaaS is a significant driver of Crime-asa-Service (CaaS). Yet, as RaaS operators become more aggressive with their playbooks and incorporate increasingly destructive elements into attacks – such as the growing use of wipers – organizations of all shapes and sizes must implement appropriate security strategies to mitigate potential breaches. Ransomware attacks are common and costly Given the evolution and growing sophistication of ransomware operations, it’s not surprising that 84% of organizations represented in this year’s survey remain ‘very’ or ‘extremely’ concerned about this threat, which is even higher than the 76% of respondents that expressed the same level of worry when surveyed in 2021. However, despite these concerns, 78% also believe they are ‘very’ or ‘extremely’ prepared to prevent or mitigate a ransomware attack (up significantly from the 63% who felt that way in the prior survey). In fact, more than 90% of those surveyed said that having a ransomware strategy…