Monday, 19 October 2020 13:25

Organisations are never the same after being hit by ransomware, according to Sophos global survey

By Sophos

The confidence of IT managers and approach to battling cyberattacks is vastly different between those who’ve been impacted by ransomware and those who have not, survey shows

New Ryuk ransomware techniques underscore how fast attackers switch gears

GUEST RESEARCH by Sophos: Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, “Cybersecurity: The Human Challenge”, which reveals that organisations are never the same after being hit by ransomware. In particular, the confidence of IT managers and their approach to battling cyberattacks differ significantly depending on whether or not their organisation has been attacked by ransomware.

For instance, IT managers at organisations hit by ransomware are nearly three times as likely to feel “significantly behind” when it comes to understanding cyberthreats, compared to their peers in organisations that were unaffected (17% versus 6%).

More than one third (35%) of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity, compared with just 19% of those who hadn’t been hit. 

When it comes to security focus, the survey found that ransomware victims spend proportionally less time on threat prevention (42.6%) and more time on response (27%) compared to those who haven’t been hit (49% and 22% respectively), diverting resources towards dealing with incidents rather than stopping them in the first place.

“The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent,” said Chester Wisniewski, principal research scientist at Sophos.

The fact that ransomware attackers continue to evolve their tactics, techniques and procedures (TTPs) contributes to pressure on IT security teams, as evidenced by SophosLabs Uncut’s article, “Inside a New Ryuk Ransomware Attack”. The article deconstructs a recent attack involving Ryuk ransomware. Sophos incident responders found that the Ryuk attackers used updated versions of widely available and legitimate tools to compromise a targeted network and deploy ransomware. Unusually, the attack progressed at great speed – within three and a half hours of an employee opening a malicious phishing email attachment, the attackers were already actively conducting network reconnaissance. Within 24 hours, the attackers had access to a domain controller and were preparing to launch Ryuk.

“Our investigation of the recent Ryuk ransomware attack highlights what defenders are up against. IT security teams need to be on full alert 24 hours a day, seven days a week and have a full grasp of the latest threat intelligence on attacker tools and behaviors. The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyberthreat awareness. However, their ransomware experiences also appear to have given them a greater appreciation of the importance of skilled cybersecurity professionals, as well as a sense of urgency about introducing human-led threat hunting to better understand and identify the latest attacker behavior,” said Wisniewski. “Whatever the reasons, it is clear that when it comes to security, an organisation is never the same again after being hit by ransomware.”

The full report, “Inside a New Ryuk Ransomware Attack”, is available on SophosLabs Uncut, where Sophos researchers regularly publish their latest research and breakthrough findings, such as Maze leveraging Ragnar Locker. Threat researchers can follow SophosLabs Uncut in real time on Twitter at @SophosLabs.

About the Survey

The “Cybersecurity: The Human Challenge” survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2020. The survey interviewed 5,000 IT decision makers in 26 countries, in the US, Canada, Brazil, Colombia, Mexico, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Poland, the Czech Republic, Turkey, India, Nigeria, South Africa, Australia, China, Japan, Singapore, Malaysia, Philippines and UAE. All respondents were from organisations with between 100 and 5,000 employees.

Additional Resources

·      For more information on how to identify that ransomware attackers have you in their sights, read the SophosLabs article Five signs you’re about to be attacked.

·      Connect with Sophos on TwitterLinkedInFacebookSpiceworks, and YouTube

About Sophos

As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organisations of all sizes in more than 150 countries from today’s most advanced cyber threats. Powered by SophosLabs – a global threat intelligence and data science team – Sophos’ cloud-native and AI-powered solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cyberattack techniques, including ransomware, malware, exploits, data exfiltration, active-adversary breaches, phishing, and more. Sophos Central, a cloud-native management platform, integrates Sophos’ entire portfolio of next-generation products, including the Intercept X endpoint solution and the XG next-generation firewall, into a single “synchronised security” system accessible through a set of APIs. Sophos has been driving a transition to next-generation cybersecurity, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more, to deliver enterprise-grade protection to any size organisation. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. The company is headquartered in Oxford, U.K. More information is available at www.sophos.com


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.

CLICK HERE!

WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.

MORE INFO HERE!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments