Join top executives in San Francisco on July 11-12 to hear how leaders are integrating and optimizing AI investments for success. Learn more
Today, cloud network detection and response provider ExtraHop released the 2023 Global Cyber Trust Indexwhich showed that not only has the average number of ransomware attacks increased from four to five between 2021 and 2022, but also that 83% of victim organizations have paid a ransom at least once.
The report found that while entities such as the FBI And CISA arguing against paying ransom, many organizations decide to pay the cost of paying ransom in advance, which leads to a average of $925,162, rather than endure further operational disruption and data loss.
Organizations “pay a ransom because they believe it’s the quickest, easiest way to get their business back up and running,” said Jamie Moles, senior technical manager at ExtraHop.
At the same time, many cybergangs’ popular double extortion mode “includes stealing data before encrypting it and threatening to publish it on the Internet if you don’t pay the ransom,” according to Moles, putting additional pressure on organizations to pay.
The cost of cybersecurity debt
The survey comes just after KFC’s parent company, Taco Bell and Pizza Hut Yum! To notice announced that it had experienced a ransomware breach.
One of the underlying themes of the ExtraHop report released today is that organizations are giving ransomware attackers power over their data by failing to address vulnerabilities caused by unpatched software, unmanaged devices and shadow IT.
For example, 77% of IT decision makers say that outdated cybersecurity practices have contributed to at least half of security incidents.
Over time, these unaddressed vulnerabilities increase, giving threat actors more potential entry points to exploit and more leverage to force companies to pay.
“The likelihood of a ransomware attack is inversely related to the amount of unbounded surface attack territory, which is an example of cybersecurity debt,” said Mark Bowling, chief risk, security and information security officer at ExtraHop. “The liabilities and ultimately the financial loss resulting from this deprioritization exacerbates cybersecurity debt and exposes organizations to even greater risk.”
VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.
