Whether a small business or a large enterprise, all organizations are feeling the impact of ransomware. Attackers have honed their tactics, taking advantage of generative AI to make phishing attacks exceedingly clever while continuing their focus on disruptive supply chain attacks. The next generation of threats is more targeted, and with the assistance of AI and a thriving cybercrime-as-a-service market, the barrier to entry for aspiring cybercriminals has never been lower.
In the third annual OpenText™ Cybersecurity 2024 Global Ransomware Survey, we put a magnifying glass to these growing attack techniques and vectors. Disturbingly, while companies of all sizes are aware of the risks they face, and have taken measures to improve resilience, successful ransomware attacks and payments continue to increase.
Ransomware strikes
Alarmingly, nearly half of respondents (48%) reported that their company has previously experienced a ransomware attack, with almost three-quarters (73%) of companies experiencing a ransomware attack this year. Among those who experienced a ransomware attack in the past year, about half (46%) paid the ransom, with 31% of those payments ranging between $1 million and $5 million. The survey also revealed that SMBs experienced more ransomware attacks than large enterprises this year, highlighting the need for organizations of all sizes to defend against ransomware.
With 39% of companies testing the reliability of recovery plans with techniques like dry runs once every few months, and 29% twice a year, companies can recover data after these attacks. Almost all respondents (97%) reported the successful restoration of their organization’s data. Data management solutions help companies retrieve this data and keep their businesses running.
Supply chain attacks at center stage
A majority of respondents (91%) are concerned about ransomware attacks on their company’s downstream software supply chain, third-party and connected partners. Recent breaches by key industry vendors like Change Healthcare, Ascension and CDK Global that caused sector-specific outages and losses made respondents more concerned about being impacted by a supply chain attack; almost half (49%) are concerned enough to consider making a vendor change.
Among those who experienced a ransomware attack in the past year, 62% reported that they have been impacted by an attack originating from a software supply chain partner. Notably, 90% of these respondents are planning to enhance their collaboration with software suppliers to improve security practices over the next year.
Given the massive sector-specific outages caused by these recent breaches and other impacts, two-thirds of respondents (67%) are planning to increase collaboration with software suppliers to improve security practices in the next year. Only 15% are not. Almost three-quarters (71%) of respondents assess the cybersecurity practices of their software suppliers at least twice a year.
In addition to regular security audits of software suppliers, vendors and partners, which ranked as the most important tool to help secure the software supply chain, the implementation of advanced threat detection tools is the second most important. Threat detection and response tools need to go beyond traditional borders so organizations can proactively protect their assets from attacks.
AI-powered attacks
While the rise of AI empowers security teams to more effectively triage alerts and automate response, AI also helps cyber criminals be more efficient, contributing to an increase in phishing attacks and growing fears about AI-powered attacks.
Nearly half (45%) of respondents observed an increase in phishing attacks due to the widespread use of AI, and among those who have experienced a ransomware attack, 69% noted an uptick in phishing. Similarly, 55% of survey participants believe their companies are at greater risk of suffering a ransomware attack due to the proliferation of AI usage among threat actors.
Investing in cybersecurity
Awareness of ransomware threats is growing, and so is regulation. According to 37% of respondents, regulatory compliance or cyber insurance requirements are the primary drivers for increasing ransomware defense investment within the software supply chain.
As such, about three-quarters (72%) of respondents are covered by cyber insurance in case an attack is successful. A surprising 25% are not, and only 3% are not because it’s too expensive. However, the financial risks presented by the increasing frequency and sophistication of cyber threats make cyber insurance an essential investment.
Businesses are also increasingly investing in cloud security as well as security awareness and phishing training. Almost two-thirds (66%) of respondents reported that their companies are prioritizing cloud security. Over half (56%) of companies outsource security to an IT or managed services provider.
Furthermore, 91% of respondents stated their companies require employees to participate in security awareness or phishing training. In 2024, 66% of companies conducted training at least once per quarter, a significant increase from 39% in 2023. The rise in security awareness training is a positive indication that organizations are taking ransomware threats seriously and understand the risk that employees on the front lines represent. Respondents believe current security awareness programs and training are effective in addressing AI-related risks – 88% of respondents think programs and training are very or somewhat effective.
Avoid paying the attacker’s paycheck
The findings from OpenText’s Cybersecurity 2024 Global Ransomware Survey reveal that while investments in cybersecurity are increasing, companies are still paying ransoms at an alarming rate. Paying a ransom only perpetuates the problem. If we are to disrupt the growing trend of ransomware attacks, it starts with companies refusing to pay the ransom and instead relying on their cyber resiliency playbook.