Senior IT and security decision-makers around the world are concerned that the global pandemic and rapid adoption of a work-from-anywhere business model could negatively impact future growth, according to our study released today.
Results of CrowdStrike’s third annual Global Security Attitude Survey, produced by independent research firm Vanson Bourne, reveal trepidation in how leaders view the current threat landscape and their organization’s cybersecurity readiness.
The study surveyed 2,200 senior IT decision-makers and security professionals during August and September 2020 across Australia, France, Germany, India, Italy, Japan, Middle East, Netherlands, Singapore, Spain, U.K. and U.S., drawing respondents from a wide range of industries. All respondents were from organizations with 250 or more employees and represent both private and public sector organizations.
Among the key findings in this year’s report is a growing fear of nation-state intrusions and ransomware attacks in the wake of COVID-19 outbreaks (71%), with 56% of organizations reporting a ransomware attack within the last 12 months. In addition, 87% of respondents indicated that nation-state attacks are much more common than most people think. In fact, 73% say these attacks are the single biggest threat to their organizations.
Potentially compounding the risks, a large majority of respondents (84%) say they have accelerated their digital transformation efforts as a result of COVID-19, with 45% stating that they have increased cloud rollouts to support employees working remotely.
It’s no secret that ransomware attacks have continued to plague organizations and the global pandemic has created fertile ground for adversaries to renew and evolve their efforts. CrowdStrike has often addressed the evolution of ransomware in its many different forms, most recently in a two-part blog series that explores the ransomware tactic of using data leak extortion to amplify demands and the adversaries who are using this approach.
The survey seems to indicate that organizations realize the link between COVID-19 and an increase in both ransomware attacks and the costs they incur, as some organizations are choosing to pay the ransom rather than endure protracted interruptions to their business processes or risk having sensitive corporate data exposed. The danger and increasing sophistication of ransomware is not lost on this year’s survey respondents, with 54% expressing concern over ransomware attacks — a significant increase over last year’s finding of 42%.
Whether to pay the ransom or not can be a difficult decision organizations face. A recent advisory from the U.S. Department of the Treasury warns that “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC [the Office of Foreign Assets Controls] regulations.” OFAC, which is part of the U.S. Department of the Treasury, administers economic and trade sanctions that could impact companies that choose to pay a ransom.
Despite the possible risk of sanctions, of the organizations reporting a ransomware attack, 27% chose to pay the ransom, averaging a total of $1.1 million USD paid by each. Regional comparisons show only a modest disparity, with APAC hit the hardest with average payouts of $1.18 million USD. EMEA came in at $1.06 million USD, while the U.S. was lower with an average of just under $1 million USD paid to attackers.
Despite the increased worry over ransomware, the survey does note a positive trend — 76% of organizations that suffered a ransomware attack upgraded their security software and infrastructure to reduce the risk of a future attack. In addition, 65% upgraded their security staff with the same objective in mind.
For the past several years, CrowdStrike has continued to observe a blurring of the lines between nation-state and eCrime attack methodologies. This includes the use of eCrime tactics such as ransomware by well-funded nation-state adversaries. As the survey shows, a large majority of organizations (87%) are aware that nation-state attacks pose a threat and many believe this situation has been exacerbated by the pandemic. In fact, 47% of respondents believe that vulnerabilities caused by the global pandemic are a key driver of malicious nation-state activity. These vulnerabilities can include: new attack surfaces exposed by rapidly enabling a remote workforce, BYOD (bring your own device) connecting to the corporate network, sensitive data exposed to unsafe WiFi networks and more.
Respondents also point to other motivating factors behind these nation-state attacks, with access to valuable customer data and gaining financial or intellectual property cited by 51% and 50%, respectively. The survey results reveal that pharmaceutical companies and biotech industries may be more likely to experience other attacker motives, including intelligence gathering (52%), provoking instability in the organization’s country (44%) and gaining political capital (36%). Organizations are also aware of how tensions between countries can impact the threat landscape, with 89% of respondents fearful that ongoing international rivalries may cause a considerable increase in cyber threats. Overall, the survey shows that the motivations driving nation-state attacks stretch far and wide, which explains why organizations across the spectrum are concerned.
The report shows that the vulnerabilities related to the COVID-19 pandemic, coupled with the growing threats from eCrime and nation-state attackers, have forced organizations to accelerate their already-rapid digital and security transformations. A vast majority of respondents agree that addressing these threats has required increased investment — $100,000 and up — which was quickly scaled when the need to deploy a fully remote workforce became a reality.
The survey further reveals how organizations have increased spending to address these issues, with 61% of respondents reporting that they have spent in excess of $1 million on digital transformation over the last three years. In addition, a large majority of organizations have also invested in modernizing their security tools and/or increased the rollout of cloud technologies as employees have moved to work remotely (66%). This focus on improving security posture by increasing their investment in modernizing cybersecurity and accelerating cloud adoption also seems to have increased respondents’ optimism, with 78% of them reporting a positive outlook on their organizations’ security strategies and architecture over the next 12 months.
There is no doubt that 2020 has been one of the most challenging years for organizations across the globe — and the concerns expressed by respondents in this survey are echoed by IT and cybersecurity professionals everywhere. The good news is that organizations seem to have a better understanding of the risks they face and are more willing to invest in the rapid digital and security transformation actions needed to mitigate these risks and ensure success.
Here are some recommendations to help your organization improve security posture and ensure your cybersecurity readiness:
In summary, eCrime and nation-state attacks will continue to proliferate, and organizations will undoubtedly fall victim to them. The current threat environment, coupled with a global pandemic, can seem daunting – even insurmountable – when striving to ensure protection across remote and hybrid environments. However, with the right technology, people and processes — and continued investment in digital and security transformations — your organization can avoid becoming the next cyber breach victim.
Download the full report here, “2020 CrowdStrike Global Security Attitude Survey: Insights into Security Transformation and Prevalent Attack Vectors in a Work-from-Anywhere World.”
Want to learn more about CrowdStrike and how they can help your business during these unprecedented times? Reach out to us at firstname.lastname@example.org to learn about our CrowdStrike managed service.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout.