Has paying the ransom become business as usual?
Radware released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber attack.
According to the report, 69% of executives said that their company faced a ransom attack in the past year, compared with only 14% noting so in 2016. Meanwhile, two-thirds of executives (66%) report a lack of confidence in their network security, admitting their networks are penetrable by hackers.
Beyond more frequent ransom payments, organizations are facing significant consequences and concerns related to cyber-attacks. In a sign that consumers will not accept data breaches, 41% of executives noted their organization faced legal action from customers following a breach. At the same time, executives stated that their biggest concerns associated with cyber-attacks are customer loss (41%) and brand reputation loss (34%).
In the midst of all this, organizations still struggle to implement tools that would improve their cybersecurity posture. While more than one in three (35%) executives noted that encrypted attacks would be detrimental to their organization, 41% reported that they continue to review the legalities of decrypting traffic on their network.
Have we reached an automation tipping point?
The complexity of networks and changing attack vectors have led companies to invest in automated and machine learning security tools. Over the past two years, 71% of executives report shifting network security spending to investments in automated security.
Gaps between clouds create major security risk
More than 90% of executives report using multiple public and private cloud environments as part of their companies’ IT infrastructure, and most companies host up to 50% of their business applications in the cloud. C-suite executives clearly understand that dispersing their network across multiple public and private clouds introduces security risks however. The vast majority of respondents (96%) are very or somewhat concerned about network vulnerabilities created by using multiple clouds.
“Businesses are trying to increase operational efficiency by moving to cloud infrastructure,” continued Convery-Pelletier. “Spreading apps across the cloud can increase network agility, improve scalability, and manage cost. However, most organizations only secure the individual cloud environments, and without looking at securing the network as a whole, they create gaps between the clouds.”
Executives reveal their most detrimental security threats
38% of executives report daily or weekly attacks. Executives feared social engineering (38%), ransomware (38%) and malware (37%) as the most detrimental to their business, followed closely by IoT botnet powered DDoS attacks (35%), and encrypted (35%) attacks.
Nation state attacks motivate security upgrades for American organizations
U.S. executives in particular were more likely than their peers in EMEA and APAC to say that attacks by nation-states have influenced security changes. More than half of U.S. executives pointed to nation-state threats as a motivator, while just 30% in the APAC region, and 41% in the EMEA region said so.
Companies react when peers are attacked
Approximately 61% of executives said that watching attacks on peer companies influenced their decision to change security policy. Almost as many, 59%, said attacks on their own organizations had prompted changes in their security posture.