7 in 10 chief information security officers expect ransomware attack in coming year
Although paying ransom remains controversial, CISOs are equally concerned with the financial impact of restoring business operations.
As if businesses have not had enough challenges with the pandemic, inflation and supply chain issues, ransomware attacks are also on the rise. Fifty-three percent of chief information security officers said their businesses were hit in the past year, and 69 percent said it is likely they will be successfully attacked at least once in the next year, according to a recent survey by CISOs Connect.
“Since the start of 2020, criminals have been doubling down on ransomware, making it a mainstream issue impacting supply chains and business operations across industries,” said Aimee Rhodes, CEO and founder of CISOs Connect.
“The good news is that CISOs are proactively taking steps to address these attacks. Their organizations’ ransomware concerns are acting as a catalyst to enable them to budget for new technologies and initiatives. But challenges as cited by the CISOs themselves still exist. Our research indicates a number of areas that require increased and immediate attention.”
According to respondents, ransomware has been a driving force in gaining the CISO a seat in the boardroom. It has also influenced priorities and buying decisions. Data backup and recovery are considered by many CISOs to be the most important countermeasures against ransomware, followed by technical controls and practices for addressing endpoint, email and user vulnerabilities, where some of the greatest risks are found.
Although paying ransom remains controversial and is subject to rigorous internal debate, CISOs are equally concerned with the financial impact of restoring business operations. This is understandable when the total cost of an attack, including mitigation, recovery and possible payments, can total in the millions of dollars.
Respondents put the chance of paying out more than $5 million on a single attack at 20 percent, and the chance that the total impact exceeds $50 million at 5 percent.
“Our data show that while ransomware is driving a number of CISO initiatives and planning, many of the efforts may still be siloed,” Rhodes concluded. “This creates certain areas of exposure, which could cause issues as these attacks continue to accelerate. Based on the CISOs’ feedback, many would benefit from a more holistic approach that prepares them to not only prevent and detect ransomware but also for the possible financial impact.”