The percentage of companies reporting financially motivated cyber-attacks has doubled over the past two years.
According to Radware’s 2017-2018 Global Application and Network Security Report, 50% of surveyed companies have experienced a cyber-attack motivated by ransom in the past year. As the value of Bitcoin and other cryptocurrencies – often the preferred form of payment among hackers – has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later.
“The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers with a clear upside that goes beyond cryptocurrencies’ anonymity,” said Carl Herberger, vice president of security solutions at Radware. “Paying a hacker in these situations not only incentivizes further attacks, but it provides criminals with the vital funds they need to continue their operations.”
The number of companies that reported ransomware attacks surged in the past year, increasing 40% from the 2016 survey. Companies don’t expect this threat to go away in 2018 either: One in four executives (26%) sees ransom as the largest threat to their business sector in the coming year.
“Criminals used various exploits and hacks this year to encrypt vital systems, steal intellectual property and shut down business operations, all with ransom demands attached to these actions,” Herberger said. “Between service disruptions, outages or IP theft, hackers are leaving businesses reeling, searching for solutions after a hack occurs. As hackers and their methods become increasingly automated, it is now more important than ever for organizations to be proactive in protecting their business.”
The report, which compiled vendor-neutral survey data from 605 IT executives spanning several industries around the globe, also found that businesses are most concerned with their data when hit with a cyber-attack. Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages.
Despite one in four (24%) businesses reporting cyber-attacks daily or weekly, nearly 80% of surveyed organizations have not come up with a calculation for the cost of attacks, and one in three lack a cybersecurity emergency response plan.
Interestingly, a separate finding in the survey is that respondents are not quite sure who is responsible for internet of things (IoT) security. When asked who needs to take responsibility for IoT security, there was no clear consensus among security executives. Responses pinned responsibility on the organization managing the network (35% of responses), the manufacturer (34%) and the consumers using these devices (21%).