It’s no secret: the frequency of cyberattacks is on the rise. Enterprise IT and security leaders are facing a “crisis of trust” as mainstream software providers seemingly fall short of providing the security coverage needed to protect against modern threats, especially those related to ransomware and supply chain attacks.
These sentiments come from the 2021 CrowdStrike Global Security Attitude Survey, conducted by independent research firm Vanson Bourne. The fourth annual study surveyed more than 2,200 IT and security managers at medium-sized and large organizations around the world.
Its findings reveal security pros’ concerns are growing, especially around the increases in frequency and complexity of cyberattacks. Key software providers have fallen behind, they believe, leaving organizations increasingly susceptible to potential attacks. Businesses also expressed great concern about threats related to ransomware and the software supply chain.
Ransomware continued to accelerate as a popular attack method throughout 2021, to no surprise among security pros. The survey indicates more than two-thirds (66%) of respondents’ organizations were hit with at least one ransomware attack in the preceding 12 months—an increase from the 56% that reported attacks over the same time period in 2020.
As ransomware attacks escalate, so do their consequences: ransom demands have quickly increased year-over-year since cryptocurrencies made these campaigns lucrative for the attackers behind them. The average ransom payment in 2021 was $1.79 million USD, a 63% jump from $1.1 million USD in 2020.
Even if an organization were to pay an attacker’s hefty ransom, the trouble often continues. Nearly all organizations (96%) that paid a ransom suffered additional losses with attackers demanding more payments—an average of $792,493 USD per victim. Why? Because the attacker convinces the organization to pay more by threatening to publish the data they exfiltrated on public-facing “dedicated leak sites” or threatening to publicize the attack itself.
Survey data shows organizations must do more to protect themselves. The majority (57%) say they do not have a comprehensive strategy in place to defend against ransomware attacks.
Supply Chain Attacks Accelerate
Supply chain threats made headlines in 2021 when the world learned of the large-scale Kaseya and Sunburst incidents. These types of cyberattacks start with vulnerable or compromised code in the tools and services that organizations have historically relied on as trusted software components, applications, support, and infrastructure to run their day-to-day operations.
Confidence in mainstream software suppliers has decreased among enterprises, as many security incidents have been connected to vulnerabilities in the products and services those suppliers sell. In some cases, when vulnerabilities are not appropriately addressed by the vendor, organizations are left with even more risk. Microsoft’s PrintNightmare patching issues, disclosed last summer, provide one example. In this case, the initial patch for the vulnerability failed to completely address the issue. The miscommunication about the fix could have led IT teams to believe their products were patched and secure when in reality there was another or bigger issue surrounding the product.
The loss of trust is widespread: nearly two-thirds (63%) of respondents are losing confidence in big software companies. Nearly half of respondents (45%) experienced a supply chain attack in the last 12 months, which is a considerable leap up from 32% in 2018 (see figure below).
The vast majority of IT and security pros (84%) believe supply chain attacks will be among the most significant security threats they’ll face in the next three years. This belief underscores the need for organizations to reinvigorate their programs around software vetting and approvals, the suppliers they work with and, of course, their vulnerability management processes. The reliance on certain sets of software may be unavoidable for enterprises, but these programs and rigorous security processes can help bolster security posture. If supply chain incidents continue to increase, unprepared organizations could find themselves in trouble.
1-10-60 Rule Bolsters Security Strategies
CrowdStrike advises businesses to employ the 1-10-60 minute rule, which is a benchmark for creating security plans and gauging readiness in case an attack hits. Teams using this rule show they are able to detect threats within the first minute of a breach, investigate and understand the threat within 10 minutes, and contain and eliminate the activity within an hour.
Organizations are advised to use the 1-10-60 rule as a key performance indicator, as survey data shows some are falling behind in detecting and responding to threats. Respondents estimated it would take their business an average of 146 hours to detect an attack—longer than the averages reported in 2020 and 2019, which were 117 hours and 120 hours, respectively—and this rule encourages security staff to create better efficiencies around potential incidents.
Enterprises can’t get away from the growing number and complexity of cyberattacks, especially as their own environments grow wider and more sophisticated. Hybrid work environments, work-from-home situations, and complex technology stacks could all be to blame for longer detection and response times. As the data has indicated, the security risk is growing and points to more incidents in the next few years.
The 1-10-60 rule will help, but security teams need more assistance, especially in the near future. Adding more resources can help when paired with a robust security strategy. Managed endpoint monitoring and response solutions, robust IT hygiene and real-time vulnerability monitoring all contribute to speed, efficiency, and the containment of any potential incident that comes through an organization's environment. As ransom payouts grow, the request for additional security support should require very little convincing.
The data is clear: today’s IT and security leaders must invest in modern security architecture before an attack hits. CrowdStrike is committed to providing organizations around the world with the innovative technology they need to help them understand who is targeting them and why, enabling organizations to stay ahead of adversaries before they attack.