Highlights:
- Although security attacks reduced by 61% over the past year, almost 64% of organizations reported being breached.
- The number of organizations with incident response plans decreased from 94% to 71%, turning more vulnerable to security breaches.
Ransomware has been a potential threat to businesses after WannaCry attacked computers worldwide in 2017. However, the latest research put forth that such threats have been gradually declining.
Delinea, a Privileged Access Management (PAM) provider, in collaboration with Censuswide, released the “2022 State of Ransomware” report. Over 300 US-based IT decision-makers were surveyed to find out that only 25% of organizations have fallen prey to ransomware attacks in the last 12 months.
The report also revealed that the number of enterprises paying ransoms dropped from 82% to 68% during that period. Although security attacks reduced by 61% over the past year, almost 64% of organizations reported being breached.
Since the attacks are still proactive causing severe data losses, organizations and chief personnel cannot be less cautious about information susceptibility.
Why Should the Organizations be Warned?
Although the threats of ransomware are reducing, companies all over the world must remain utmost careful, as a single ransomware breach costs USD 4.5 million to the organization causing potential hazards to data security.
Joseph Carson, the chief security scientist and advisory CISO at Delinea, stated, “Ransomware is still a significant concern and threat to any organization, and some of the signs of complacency we saw evidenced in the survey research could be a harbinger of an increase in ransomware in 2023.”
It has been reported that the number of organizations with incident response plans decreased from 94% to 71%, making these companies more vulnerable to security breaches and less equipped to respond to ransomware attacks. This provides hackers an open doorway to infiltrating a company’s crucial data assets.
Proactive Measures for Organizations
Instead of being lenient, it’s high time organizations should remain alert and invest more money and time in making their security solutions concrete and hard to breach.
“Organizations should take a more proactive approach to cybersecurity, in particular where they are most vulnerable to these types of attacks; namely identity and access controls,” said Carson.
To reduce the chances of data hazards, organizations should adopt the principle of least privilege by incorporating Multifactor Authentication (MFA) and password vaulting.
Besides, as a part of post-breach actions, enterprises can opt for extensive incident response plans, frequent data backups, and accessing cyber insurance policies to combat further possible risks.