Ransomware's Relentless Rise Strains Security Teams  

Ransomware gangs have been plundering businesses around the world at an accelerating pace in the past 12 months, according to a new survey, pushing some cybersecurity professionals to the breaking point.

Nearly half of companies represented in Mimecast’s State of Ransomware survey (conducted in July) have experienced more ransomware attacks in 2022 than 2021. About one-third battled the same volume of attacks as before.

Of the many consequences of this state of siege, the cybersecurity professionals we surveyed recounted a steep human toll, including everything from burnout and absenteeism to staff defections and decreased confidence in their organizations’ ability to fend off attacks. Fully one-third said they were thinking of leaving their role within the next two years due to the stress.

Some clear patterns emerged in the survey, which included respondents working in companies of various sizes, industries, and nationalities. A common refrain was that cybersecurity professionals felt they lacked sufficient funds to staff up and equip themselves — even as seven in 10 expected a continuing escalation of all types of cyber risk over the coming two years. Below, we break down the report’s findings about ransomware and its human impact.

Ransomware Attacks from All Angles

More than three-quarters of survey respondents had experienced one or more ransomware attacks in the past year, of which about 20% reported five or more. Ransomware came at companies from every angle over the past twelve months, including:

• Phishing emails with ransomware attachments: 53%.
• Phishing emails leading to drive-by downloads: 43%.
• Supply chain attacks: 40%.
• Compromised credentials: 40%.
• Abuse of the remote desktop protocol: 35%.

Defenses Improve, But Still Fall Short

Companies are not defenseless against cyber-extortionists, but many feel they are operating with insufficient resources — and with weak safety nets. Here’s the picture survey respondents painted:

• Cybersecurity teams are doing many of the right things. Roughly half of respondents were already taking one or more of the following steps: backing up files, regularly patching systems, requiring multi-factor authentication, scanning emails for malicious links and training employees to understand how cybercriminals use email to plant ransomware. In these and other ways, eight in 10 security professionals said that this year, they are better prepared to fend off ransomware than in previous years.
• But budgets are falling short. Despite feeling better prepared, nine in 10 said they need more funding to combat ransomware — to be precise, an average budget increase of 28%. Their top three requirements: updated security systems, better security awareness training for employees, and entirely new security systems (across categories including web security, endpoint protection, file backup/recovery, VPNs, and secure email gateways). And for half of the survey’s participants, our analysis showed that a single ransomware attack could deplete 20% of their current annual cybersecurity budget.
• Siloed systems thwart effectiveness. Today, the cutting-edge approach to making lean security teams more efficient and effective is to integrate the growing number of point security solutions and endpoints. However, our survey revealed that only about one-quarter of security professionals had integrated detection capabilities and orchestrated responses.
• Insurance coverage is uncertain. The number of companies that believed they could rely on their cyber insurance provider to cover ransomware payments was down by 15% this year.  That’s not surprising, with many insurance companies reconsidering payouts and excluding some forms of ransomware attacks from their coverage.

The pressures surfaced by our research are part of a bigger picture. In the midst of a skills shortage in the security profession worldwide, security teams were significantly short of staff at one-third of companies that responded to Mimecast’s separate State of Email Security 2022 survey. This and other factors can create a sense of inevitability around ransomware, as well as a tendency for security teams to focus more on file backups and other mitigation measures instead of proactive detection and prevention. However, such a defensive approach can result in an over-reliance on their ability to respond to attacks and expose them to more attacks.

Ransomware Impacts Business and Personnel

For ransomware victims, the stakes are high. Of those organizations attacked by cyber-extortionists, 40% suffered significant downtime. Over one-third lost revenue, up from over one-quarter the previous year. Other impacts included legal challenges, C-suite firings, and reputational damage. But the ongoing threat of ransomware arguably inflicts even more harm on the personnel tasked with protecting their companies. These human costs include:

• Waning confidence: Confidence that security teams can maintain essential email continuity with no disruption following a ransomware attack, for example, has dropped.
• Mounting stress: Over half (56%) of respondents said their work stress increases every year.
• Mental health: About the same number (54%) reported a negative impact on their mental health.
• Absenteeism: One-third said that their teams have experienced an increased number of employee absences following an attack.
• Staffing issues: About one-third also have trouble recruiting essential IT staff after an attack.
• Resignations: One-third of respondents are thinking of resigning within the next two years due to stress and burnout.

“Businesses can become more vulnerable to more attacks after one has taken place, not least due to the stress, burnout, and recruitment issues experienced by teams in the wake of an incident,” Mimecast’s State of Ransomware report concluded. “To avoid this cycle, it’s critical to have fundamental measures in place, like robust email security and employee training, supported by a large enough budget. Integration of security systems is another powerful way of alleviating some of the pressures busy teams experience.”

The Bottom Line

Too many security teams have seen their ranks suffer and even thin out as the wave of ransomware continues to sweep over business and society. Read Mimecast’s latest research to learn more about the problem and what can be done.