2023 Ransomware Report – What’s New and How Can Your Organisation Prepare?

Whilst ransomware has existed for decades, the global threat remains at peak levels. It also continues to become more sophisticated, causing harm to organisations worldwide. Fortinet recently surveyed 569 cybersecurity leaders and decision-makers from organisations of all sizes and industries to gain an understanding of the current state of ransomware as we approach the halfway point of 2023.

Interestingly, 78% of organisations surveyed by Fortinet believe they do have the strategy and solutions necessary to impede an oncoming cyber attack, yet half of those surveyed still fell casualty to a ransomware attack in the past year.

For the organisations that were a victim of a ransomware incident, 71% paid a fraction of the demanded ransom, despite 72% indicating they identified the breach within hours, often even minutes. Additionally, whilst nearly all survey respondents had cyber insurance in place, not all costs were covered, and arguably more importantly, data restored. In fact, a mere 35% of those affected by an attack retrieved their lost data.

However, not all is lost, as despite the uncertain economic environment businesses are operating in worldwide, 91% of leaders surveyed are expecting an increase in security budgets in the following 12 months, with plans to invest in technologies and services that strengthen network security.

Technology is only part of the solution for a more resilient business posture. As ransomware becomes more sophisticated in its execution, organisations of all shapes and sizes are now considered a target, meaning it’s critical that business and security leaders not only invest in the right technologies, but also dedicate time and resource to the right people and processes.

The Growing Sophistication of Ransomware

According to research conducted by Fortinet, 74% of cybercrime incidents are financially motivated, with 82% of these attacks involving the deployment of ransomware or malicious scripts.

During the first half of 2022, Fortinet detected 10,666 new ransomware variants, double the amount recorded in the six months prior. This is likely due to growing Ransomware-as-a-Service (RaaS) operations that allow cyber-criminals to introduce more complex and aggressive ransomware variants than ever before. In doing so, cyber-criminals have the luxury of becoming more selective with their targets, often looking for organisations that have no cyber insurance or have the ability to pay larger ransom sums.

Ransomware is More Common and Costly Than You Think

The systematic approach to ransomware attacks is proving more successful, with 84% of organisations surveyed by Fortinet remaining extremely concerned about the threat of ransomware, 8% higher than those expressing the same concern last year.

Yet, irrespective of these concerns 78% of participants also believe they are extremely prepared in their strategies to prevent or mitigate a ransomware attack. Over 90% of those surveyed said that implementing a remediation strategy is at least one of their organisation’s top three cyber security priorities.

This concludes that unfortunately, there seems to be a distorted reality between perceptions of a business’ cyber-preparedness and its actual ability to prevent a cyber attack. Of the respondents surveyed by Fortinet this year, half were a victim of a ransomware attack, and a further 46% were targeted at least twice.

Phishing and malicious email activity remained the top tactic for ransomware deployment, followed by unsecured end points and remote desktop protocol exploits. Attacks by numerous methods were reported by over half of the survey’s participants, suggesting ransomware operators are using multi-pronged approaches to conduct the same attack or a multitude on the same target.

Additionally, the majority of respondents that experienced an attack have a policy in place that instructs the ransom is paid as requested. Interestingly, organisations in certain industries were more susceptible to declaring ransom payments than others. For example, those in the manufacturing industry paid the requested ransom more often than any other sector, with the ransom also being higher. In 25% of breaches amongst manufacturing businesses, the ransom was at least £802,000. Of course, the industry’s willingness to pay the ransom is understandable when considering the impact of any potential downtime.

Looking Ahead

However, paying the ransom or relying on cyber insurance is not an effective cyber security strategy when it comes to risk mitigation. This is proven by the 65% of respondents who were unable to recover their data post-attack. Furthermore, just under half of organisations with cyber insurance didn’t receive as much coverage as expected.

Don’t wait until it’s too late. Business resilience has never been more important. Fail to prepare and the course of your success can change in an instant. Investing in reliable infrastructure, advanced cyber security tools and proper management of your assets enables business growth with minimal disruption.

By working with a technology solutions partner like SysGroup, you can build a secure and flexible IT infrastructure that is predicated on business continuity and the avoidance of disruption, ensuring you’re prepared for whatever the future holds.