Semperis Ransomware Risk Report Highlights Alarming Trends

A new report from Semperis, a leader in identity-driven cyber resilience, reveals a troubling escalation in ransomware attacks, with 78% of victim organisations paying ransoms and 74% suffering multiple strikes, often in rapid succession.

The 2024 Ransomware Risk Report study, based on a global survey of 900 IT and security professionals, underscores the persistent and evolving threat of ransomware, emphasising the need for robust identity system protection and a proactive "assume breach" mindset.

Released on July 30, 2024, the report provides critical insights for business, IT, and security leaders navigating this growing cyber menace.

The report highlights ransomware’s transformation from a sporadic threat to a relentless, orchestrated assault. Criminal groups exploit vulnerabilities, particularly in identity systems like Microsoft Active Directory (AD), to launch multiple attacks, sometimes simultaneously. A staggering 54% of organisations hit by multiple attacks experienced them on the same day, with most occurring within a week. Simon Hodgkinson, Semperis Strategic Advisor and former bp CISO, notes that these rapid, successive strikes exploit organisations’ weaknesses, leading to closures, lay-offs, revenue losses, and cancelled cyber insurance policies. The financial toll is immense, with collateral damage often exceeding ransom costs, including operational downtime, reputational harm, and, in some cases, risks to human health and safety.

One of the most concerning findings is the high rate of ransom payments, driven by pressures to restore operations quickly. However, paying ransoms offers no guarantee of recovery - 49% of organisations that paid failed to receive usable decryption keys or recover their assets.

Many respondents cited cyber insurance, especially in the IT/telecom sector, as a factor in their decision to pay, while others prioritised avoiding threats to customers, patients, or business reputation. Yet, as the report warns, ransom payments often fund further attacks, with malware embedded in ransomware reinfecting systems. This cycle of breaches underscores the futility of relying on payments as a solution.

Recovery times remain a significant challenge, with 49% of organisations needing one to seven days to restore minimal IT functionality and 12% requiring a week or more. Prolonged recovery increases the likelihood of paying ransoms, as businesses face mounting pressure to resume operations.

The report identifies inadequate identity system backup and recovery practices as a common point of failure.

While 70% of respondents reported having an identity recovery plan, only 27% had dedicated, AD-specific backup systems. Without malware-free backups and tested recovery plans, organisations face extended downtime, exacerbating financial and operational impacts. Chris Inglis, Semperis Strategic Advisor and former U.S. National Cyber Director, emphasises that cybersecurity is a business issue, requiring board-level accountability and a collective effort to build resilience.

The report also reveals strategic shifts in attacker behaviour, with 72% of ransomware attacks targeting weekends or holidays when staffing is reduced. Despite 96% of organisations maintaining 24/7 Security Operations Centres (SOCs), 85% scale back after-hours staffing by up to 50%, and nearly 5% leave SOCs unstaffed during these periods. Attackers exploit these gaps, striking when defences are weakest, such as during mergers, acquisitions, or lay-offs. Mickey Bresman, Semperis CEO, advocates for automated identity protection and recovery solutions to bolster resilience during vulnerable periods. Kemba Walden, former Acting U.S. National Cyber Director, adds that organisations must embed resilience into their networks to combat relentless ransomware threats.

A lack of board-level support emerges as a significant barrier to ransomware resilience, with most respondents citing insufficient executive backing as their biggest challenge.

Inglis stresses the need for a three-pronged approach - corporate doctrine, skill-building, and technology - starting with boards recognising cybersecurity’s business implications. Regulatory bodies, including the SEC, increasingly hold boards accountable, reinforcing that cybersecurity is not solely an IT concern. The report urges leaders to prioritise identity-first security, explaining its value in business terms to secure investment and support.

Semperis’ findings call for a paradigm shift toward proactive defence. The report advocates embracing an "assume breach" mindset, assuming a constant state of threat and preparing accordingly. This includes implementing robust AD security and recovery tools, conducting real-world recovery testing, and maintaining 24/7/365 SOC coverage with automated threat detection. Jeff Wichman, Semperis Director of Incident Response, emphasises that SOCs should operate at a minimum of 75% capacity during off-hours, supported by automation to counter calculated attacker tactics.

Semperis' report sends an alert to organisations everywhere, highlighting ransomware’s devastating impact and the urgent need for enhanced cyber resilience. By focusing on identity system protection, board-level engagement, and continuous vigilance, businesses can better defend against this unrelenting threat.

