ExtraHop Report: 85% of Organizations Have Suffered a Ransomware Incident in the Past Five Years, 72% Paid a Ransom

Newly Released Cyber Confidence Index Survey Reveals False Sense of Security Felt by IT Decision Makers Despite Prevalence of Attacks

SEATTLE – March 1, 2022 – ExtraHop, the leader in cloud-native network detection and response, today released findings from a new survey on ransomware that sheds light on the discrepancies between how IT decision makers (ITDMs) see their current security practices, and the reality of the ransomware attack landscape. The ExtraHop Cyber Confidence Index 2022 report shows that however capable IT organizations have been in managing the dramatic transformations of the past couple of years, confidence still tends to outstrip actual security posture.

The survey, conducted by Wakefield Research, found that 77% of ITDMs are very or completely confident in their company's ability to prevent or mitigate cybersecurity threats. Despite this confidence, 64% admit that half (or more) of their cybersecurity incidents are the result of their own outdated IT security postures, including widespread use of insecure and deprecated protocols, as well as growing numbers of unmanaged devices. This inflated confidence is even more dangerous in light of the frequency of ransomware attacks—as 85% reported having suffered at least one ransomware attack, and 74% reported experiencing multiple incidents in the past five years.

Other key survey findings include:

  • The Cost of Ransomware is High: 72% of respondents admitted to having paid a ransom at some point, while 42% of companies that suffered a ransomware attack said they paid the ransom demanded most or all of the time.
  • Damage to the Business: Ransomware attacks affect the entire organization. 51% of respondents reported business downtime resulting from attacks on IT infrastructure, 44% reported business downtime resulting from attacks on OT infrastructure, such as medical devices and factory automation systems, and 46% reported end-user downtime resulting from attacks targeting users.
  • Everyone Is Looking For Better Insights, Data, and Cooperation: When asked to identify their top challenges, 43% cited the lack of cooperation between their network, security, and cloud operations teams. Additionally, 40% cited a lack of investment, 39% cited the long time required to train new hires, and 35% cited inadequate or overlapping tooling.
  • WFH with Outdated Protocols: Despite the shift to working from home, 69% of respondents acknowledged transmitting sensitive data over unencrypted HTTP connections instead of more secure HTTPS connections. Another 68% are still running SMBv1, the protocol exploited in major attacks like WannaCry and NotPetya, leading to more than $1 billion in damages worldwide.
  • Organizations Are Less Than Transparent: While two-thirds (66%) of respondents agreed it was good to disclose attacks, only 39% said they were fully open about attacks and willing to make information available for public knowledge when they actually took place.
  • Slow Response Times to Critical Vulnerabilities: When it comes to responding to critical vulnerabilities by installing patches or shutting down a vulnerable solution, response times vary. Only 26% respond in less than a day—probably fast enough to prevent most attacks, while 39% take one to three days, 24% take up to a week, and 8% take up to a month.

"This research highlights the discrepancies between the reality of today's sophisticated attack landscape and the overconfidence that many business leaders have in their ability to manage an attack," said Jeff Costlow, CISO at ExtraHop. "Defenders need tools that can track attacker activity across cloud, on-premises, and remote environments so they can identify and stop an attack before they can compromise the business."

This study shows that, even as companies continue to innovate with cloud technologies and remote workforces, their IT infrastructures remain mired in the past, with obsolete protocols providing ongoing opportunities for attackers to infiltrate networks and unleash ransomware attacks. A lack of visibility and effective use of data has also contributed to organizations' obstacles in identifying vulnerabilities and preventing ongoing ransomware attacks. To combat these challenges, organizations should look for ransomware mitigation tools that can capture network communications across all devices, and use technologies like behavioral analytics and artificial intelligence to detect behaviors that signal a ransomware attack in progress. By leveraging a network detection and response platform like ExtraHop's Reveal(x) 360, defenders can detect and stop the lateral movement and other post-compromise activity of ransomware attackers before they achieve real damage.

Methodology

The survey of 500 security and IT decision makers in the US, UK, France, and Germany was conducted by Wakefield Research and sponsored by ExtraHop. Survey participants came from a wide range of industries, including financial services, healthcare, manufacturing, and retail, and worked at companies of varying sizes, including companies with annual revenue exceeding $50 million. About half the participants were in the US, with the rest hailing from the UK, France, and Germany.

About ExtraHop

ExtraHop is the cybersecurity partner enterprises trust to reveal cyber risk and build business resilience. The ExtraHop Reveal(x) network detection and response (NDR) platform uniquely delivers the unparalleled visibility and decryption capabilities that organizations need to investigate smarter, stop threats faster, and move at the speed of risk. Learn more at www.extrahop.com
