CIO response to ransomware - ‘meh’
Only 50 per cent of CIOs plan to make changes to combat WannaCry or Petya/NotPetya attacks.
CIOs have been generally unimpressed with the recent rise in ransomware attacks, according to new research, with only 50 per cent planning to improve security as a result of WannaCry.
A mere 15 per cent plan to make changes in response to Petya/NotPetya, in spite of 27 per cent admitting their organisations have suffered ransomware attacks, and a massive 83 per cent expecting further ransomware attacks in the future. The majority (76 per cent) of the 450 CIOs surveyed by IT governance non-profit ISACA said that while their organisations were reasonably prepared for ransomware attacks, only 50 per cent have carried out staff training on the topic.
More than half (53 per cent) of survey respondents reported a year-over-year increase in cyberattacks for 2016, with IoT overtaking mobile as primary focus for cyber defences as 97 per cent of organisations see a rise in its usage, and 78 per cent of organisations reporting malicious attacks of all types. Ransomware alone has now become a sizable international business, and it’s estimated that the global cost for organisations will reach $5 billion by the end of 2017, up 400 per cent from 2016 estimates.
Ilia Kolochenko, security expert and CEO of High-Tech Bridge, said that the rise in attacks comes as little surprise: “The ransomware market is becoming more professional and mature. Actors are getting various niche specializations to avoid direct competition and maximize their profit. In the near future, we will probably see an important growth of complementary [cybercrime] services offered to the ransomware gangs, such as online or phone support for the victims, or money laundering services. Big data and machine learning are also coming to the service of cybercrime, for example to suggest the highest ransom a victim can pay based on the victim’s profile.
“Unfortunately, law enforcement agencies lack coordination on the global and even national level, and face a serious shortage of the necessary resources to fight this emerging niche of cybercrime. Bitcoin and other digital currencies virtually guarantee untraceability to the attackers. Users will probably not change their careless behaviour, and will continue to pay ransom to get their data back for practical and pragmatic reasons. Therefore, ransomware will likely continue its impressive growth within the next few years.”
Perhaps worst of all, the ISACA researchers found that less than a quarter of organisations are applying the latest security software patches within the first 24 hours of release, with some waiting for more than a month before key updates are applied. They also found in an annual survey that fewer than 1 in 3 organisations (31 per cent) claim to routinely test their security controls, and 13 per cent never test them. Sixteen per cent do not have an incident response plan.
It is fairly clear the stakes are becoming higher - another recent survey from security firm Druva found that 50 per cent of ransomware victims are hit more than once, as attackers double down on vulnerable businesses - and possibly ones that actually pay up, although it is likely that particularly valuable organisations are targeted multiple times initially anyway. The Druva survey of 832 IT pros found that internal reporting speeds are still slow, with 40 per cent of cases beginning more than two hours before IT becomes aware of the problem, perhaps due to end-user error or recalcitrance. The vast majority of organisations agree that the issue is critical though, with 82 per cent of organisations believing ransomware attacks are on the rise.
On the bright side, the survey found that security overall is of increasing importance to enterprises, with eight in 10 organisations stating their executive leadership supports security, and more organisations than ever now having CISOs in charge of the information security function - 65 per cent of businesses have a CISO in post, as opposed to 50 per cent in 2016. Hopefully the number of CISOs will continue to rise throughout 2017, because ransomware and other attacks are certainly going to...