Radware, a provider of cyber security and application delivery solutions, has released its 2017-2018 Global Application and Network Security Report, which found that the percentage of companies reporting financially motivated cyber-attacks has doubled over the past two years, with 50% of surveyed companies experiencing a cyber-attack motivated by ransom in the past year.
As the value of bitcoin and other cryptocurrencies —often the preferred form of payment among hackers—has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later.
“The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers with a clear upside that goes beyond cryptocurrencies’ anonymity,” Andrew Foxcroft, regional director for Radware UK, Ireland and Nordics. “Paying a hacker in these situations not only incentivises further attacks, but it provides criminals with the vital funds they need to continue their operations.”
Organisational security against hacking
The number of companies that reported ransom attacks in which hackers use malware to encrypt data, systems, and networks until a ransom is paid surged in the past year, increasing 40% from the 2016 survey. Companies don’t expect this threat to go away in 2018 either. One in four executives (26%) see ransom as the largest threat to their business sector in the coming year.Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages
“Criminals used various exploits and hacks this year to encrypt vital systems, steal intellectual property, and shut down business operations, all with ransom demands attached to these actions,” Foxcroft said. “Between service disruptions, outages, or intellectual property theft, hackers are leaving businesses reeling, searching for solutions after a hack occurs. As hackers and their methods become increasingly automated, it is now more important than ever for organisations to be proactive in protecting their business.”
IoT security responsibility
Other key findings of the report include:
- Businesses are most concerned with their data when hit with a cyber-attack. Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages. Yet with five months to go until GDPR comes into force, only 28% say their organisation is very or well prepared for GDPR, and another third feel somewhat prepared. Not surprising, those in Europe are more likely to say they are very well or well prepared compared to those in North America (35% vs. 25%), while one in four in North America are completely unfamiliar with GDPR.
- Despite one in four (24%) businesses reporting cyber-attacks daily or weekly, nearly 80% of surveyed organisations have not come up with a calculation for the cost of attacks, and one in three lack a cybersecurity emergency response plan.
- Respondents are not quite sure who is responsible for Internet of things (IoT) When asked who needs to take responsibility for IoT security, there was no clear consensus among security executives. Responses pinned responsibility on the organisation managing the network through to the manufacturer (34%), but the majority said consumers using these devices (56%).
Radware’s Global Application and Network Security Report, now in its seventh year, is a cross-industry report compiled by Radware’s Emergency Response Team (ERT), leveraging vendor-neutral survey data from 605 IT executives spanning several industries around the globe, Radware’s hands-on experience handling today’s leading threats, as well as third-party service provider commentary.
The complete Global Application & Network Security Report 2017-2018 details 2017’s major attack trends and provides predictions and recommendations from Radware’s ERT for how organisations can best prepare for mitigating cyber threats in 2018.