jamdesign - stock.adobe.com
A new CrowdStrike survey determined that more than half of the 2,200 respondents suffered ransomware attacks over the last 12 months.
Released Tuesday, the "2020 CrowdStrike Global Security Attitude Survey" included senior IT decision-makers and IT security professionals from both private and public sector organizations from across the globe: Australia, France, Germany, India, Italy, Japan, Middle East, Netherlands, Singapore, Spain, U.K. and U.S. The survey, conducted by independent research firm Vanson Bourne, featured the highest number of participants in the last three years, up from 1,300 in 2018. Respondents from the 12 countries were surveyed in August and September, with sectors varying from financial and manufacturing to IT, healthcare and transportation.
CrowdStrike's survey included some troubling results, including 56% of respondents saying their organization suffered at least one ransomware attack in the last twelve months; a number of respondents, including 22% of those in the U.S., said they suffered more than attack during that span.
Overall, only 27% of respondents' organizations paid the ransom when they suffered those attacks. However, according to the survey, those payments cost an average of $1.1 million. The survey also found that "concern levels around ransomware saw the largest proportional increase of any cyberattack since 2019." The number rose from 42% in 2019 to 54% in 2020.
CrowdStrike CTO Michael Sentonas told SearchSecurity the number of organizations that paid ransoms is concerning, even if it was only about a quarter of the organizations that suffered attacks.
"Even at 27%, that's a huge concern for me because in many countries throughout the world, particularly the U.S., an organization may be breaking the law by paying that ransom, so they're potentially creating a bigger problem for themselves," he said. "It's easy to pay and get up and running, but it may cause a lot of issues."
The survey also revealed minor improvements in the average detection time of a cybersecurity incident in respondents' organizations over the past year. The average time to detect a "cybersecurity incursion/incident," according to the survey, was 117 hours, which CrowdStrike said was slightly better than 120 hours in last year's report.
Sentonas said there are good and bad takeaways from the detection time results, particularly for U.S. organizations.
"The U.S. is much better at detection than the rest of the world, and their effectiveness improved. To put it into context, the global average is about 117 hours. It was 120 in 2019. The U.S. average is 97 hours, significantly better than the rest of the world, but in 2019, it was 67 hours, so what that does mean is that the U.S. did get worse even though they are performing better," he said. "I think there's a lot of reasons for that, and COVID-19 has created some complexity."
Other positive findings from the survey surprisingly involve the onset of the COVID-19 pandemic, which forced a resilient cybersecurity response. According to the survey, 84% of respondents said they have accelerated their digital transformation efforts as a result of COVID-19. In addition, 79% "believe that their organization's outlook, over the next 12 months, on its overarching security strategy and architecture, is more positive now as a result of the COVID-19 pandemic" and 73% "agree that COVID-19 has proven to be a catalyst for long-awaited approvals on security upgrades."
While it may be helpful for the future, in the thrust of the pandemic, more than half of respondents reported COVID-19 slowed down detection time of a cybersecurity incident in their organization. In an accompanying blog post Tuesday, Sentonas said the survey seems to indicate that organizations realize the link between COVID-19 and an increase in both ransomware attacks and the costs they incur.
"The danger and increasing sophistication of ransomware is not lost on this year's survey respondents, with 54% expressing concerns over ransomware attacks -- a significant increase over last year's findings of 42%," Sentonas wrote in the blog post.
Detection time for those attacks was a problem across the board. CrowdStrike's report found 90% of respondents said it would take their organization more than one minute to detect an incident. One part of the problem, according to the survey, is the focus is more on prevention and perimeter security than detection.
Another significant takeaway from the survey, according to Sentonas, is the increasing threat of nation-state threat groups.
"Among the key findings in this year's report is a growing fear of nation-state intrusions and ransomware attacks in the wake of COVID-19 outbreaks (71%). In addition, 87% of respondents indicated that nation-state attacks were much more common than most people think. In fact, 73% say these attacks are the single biggest threat to their organizations," he wrote in the blog.
According to Sentonas, the survey highlights the need for organizations to develop both digital and security transformations.
"This focus on improving security posture by increasing their investment in modernizing cybersecurity and accelerating cloud adoption also seems to have increased respondents' optimism, with 78% of them reporting a positive outlook on their organizations' security strategies and architecture over the next 12 months," he wrote in the blog post.