As the value of bitcoin and other cryptocurrencies – often the preferred form of payment among hackers – has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later.
“The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers with a clear upside that goes beyond cryptocurrencies’ anonymity,” Andrew Foxcroft, regional director for Radware UK, Ireland and Nordics. “Paying a hacker in these situations not only incentivices further attacks, but it provides criminals with the vital funds they need to continue their operations.”
The number of companies that reported ransom attacks in which hackers use malware to encrypt data, systems, and networks until a ransom is paid – surged in the past year, increasing 40% from the 2016 survey. Companies don’t expect this threat to go away in 2018 either. One in four executives (26%) see ransom as the largest threat to their business sector in the coming year.
“Criminals used various exploits and hacks this year to encrypt vital systems, steal intellectual property, and shut down business operations, all with ransom demands attached to these actions,” Foxcroft said. “Between service disruptions, outages, or intellectual property theft, hackers are leaving businesses reeling, searching for solutions after a hack occurs. As hackers and their methods become increasingly automated, it is now more important than ever for organisations to be proactive in protecting their business.”
Other key findings of the report include:
- Businesses are most concerned with their data when hit with a cyber-attack. Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages. Yet with five months to go until GDPR comes into force, only 28% say their organisation is very or well prepared for GDPR, and another third feel somewhat prepared. Not surprising, those in Europe are more likely to say they are very well or well prepared compared to those in North America (35% vs. 25%), while one in four in North America are completely unfamiliar with GDPR.
- Despite one in four (24%) businesses reporting cyber-attacks daily or weekly, nearly 80% of surveyed organisations have not come up with a calculation for the cost of attacks, and one in three lack a cyber security emergency response plan.
- Respondents are not quite sure who is responsible for internet-of-things (IoT) security. When asked who needs to take responsibility for IoT security, there was no clear consensus among security executives. Responses pinned responsibility on the organisation managing the network through to the manufacturer (34%), but the majority said consumers using these devices (56%).