Customers of mainstream software providers continue to face a crisis of trust, say IT and security chiefs, while cyberattacks are more costly and anxieties around these attacks continue to grow — especially attacks conducted through ransomware and the software supply chain, the 2021 CrowdStrike Global Security Attitude Survey reveals. The survey also shows that in tandem with this escalation, and the accompanying complexity and frequency of attacks, organizations have sadly lost ground in their efforts to combat attacks within effective time constraints, leaving themselves vulnerable to more potential threats.
CrowdStrike’s fourth annual Global Security Attitude Survey, conducted by independent research firm Vanson Bourne, brings to light the opinions of over 2,200 IT and security managers at medium-sized and large businesses worldwide.
The survey shows that nearly two-thirds (63%) of respondents are losing trust in mainstream software suppliers, including giants such as Microsoft, because so many security incidents are connected with products and services from those vendors. This “threat within” bites deep. Nearly half (45%) of respondents have already experienced a supply chain attack in the last 12 months, compared to 32% in 2018 — a 40% leap over that period.
Supply chain attacks, as seen in the recent Sunburst and Kaseya incidents, describe breaches stemming from compromised or vulnerable code in sources that organizations have historically trusted as secure software applications, components, infrastructure and support, and that they rely upon for current operations.
It’s a trust that’s been seriously — and understandably — eroded. According to the survey, an overwhelming majority of IT and security pros (84%) now believe supply chain attacks will be one of their most significant cybersecurity threats in the next three years. This clearly reinforces the need for organizations to revisit their vetting procedures as well as their recovery strategies. If software supply chain attacks increase as expected, organizations could quickly find themselves in considerable difficulty if they have not prepared for such issues.
In response to the recent massive increase in supply chain attacks, businesses must change the way they operate and evaluate more stringently the suppliers they work with. Every supplier, no matter their longevity or reputation, needs to be assessed on a continual basis, and their software monitored with the same impartiality as any other.
Ransomware Runs Wild
It comes as no surprise that ransomware continues to gain considerable momentum in 2021. Two-thirds (66%) of respondents’ organizations suffered at least one ransomware attack in the prior 12 months — that’s significantly higher than the 56% that reported being attacked over the same time period in 2020.
The consequences of these attacks also continue to become more considerable — the amounts have rapidly increased year-over-year since ransomware became commercially lucrative with the rise of anonymous cryptocurrencies. The average ransom payment in 2021 increased by 63% to $1.79 million USD, compared to $1.10 million USD in 2020. Yet the logic around paying out to ransomware attackers continues to erode, as the attack often doesn’t stop once a victim pays: Almost every organization (96%) that paid a ransom was extorted for further payments, costing businesses an additional $792,493 USD on average. Attackers extort these follow-on payments by threatening to publish data exfiltrated during the attack on public-facing “dedicated leak sites” (DLSs), or by threatening to publicize the attack itself.
It’s clear that organizations need to do much more to protect their assets, but most are woefully unprepared. The majority of organizations (57%) say they have no comprehensive strategy in place for protection against ransomware attacks.
The Preparation Gap
CrowdStrike advises organizations to adopt the 1-10-60 minute rule, a practical benchmark for gauging readiness and formulating cybersecurity plans. Under this rule, security teams should be able to detect a threat within the first minute of an intrusion, investigate and understand the threat within 10 minutes, and contain and eradicate the threat within 60 minutes.
Many organizations around the world now use the 1-10-60 rule as a key performance indicator, and more organizations should adopt this benchmark, as the survey shows that some are losing ground. On average, respondents estimated that it would take their organization a staggering 146 hours to detect a cybersecurity incursion. This is a stark increase over the averages reported in 2020 and 2019, which were 117 hours and 120 hours, respectively.
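One way to turn the 1-10-60 rule into a measurable key performance indicator is to record the timestamps of each incident's milestones and check every phase against its threshold, while also computing the average time to detect that the survey reports in hours. The following script is an added example, not CrowdStrike's own tooling or part of the survey; the `Incident` class, the phase boundaries (each phase measured from the previous milestone) and the three sample incidents are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean

# 1-10-60 thresholds in minutes, per phase (assumed: "within" means <= limit).
BENCHMARK_MINUTES = {"detect": 1, "investigate": 10, "contain": 60}


@dataclass(frozen=True)
class Incident:
    """Milestones of one intrusion, all in UTC (hypothetical record format)."""
    name: str
    started: datetime       # intrusion start, assumed established by forensics
    detected: datetime      # first alert acknowledged by the SOC
    investigated: datetime  # scope and root cause understood
    contained: datetime     # threat contained and eradicated


def phase_minutes(inc: Incident) -> dict:
    """Elapsed minutes per phase, each measured from the previous milestone."""
    return {
        "detect": (inc.detected - inc.started).total_seconds() / 60,
        "investigate": (inc.investigated - inc.detected).total_seconds() / 60,
        "contain": (inc.contained - inc.investigated).total_seconds() / 60,
    }


def failed_phases(inc: Incident) -> list:
    """Names of the phases that exceeded their 1-10-60 threshold, in order."""
    mins = phase_minutes(inc)
    return [phase for phase, limit in BENCHMARK_MINUTES.items() if mins[phase] > limit]


def mean_time_to_detect_hours(incidents) -> float:
    """Average detection time in hours, the unit the survey uses for its 146-hour figure."""
    return mean(phase_minutes(inc)["detect"] for inc in incidents) / 60


def report(incidents) -> dict:
    """Summary KPI: incidents meeting all three targets, plus fleet-wide MTTD in hours."""
    return {
        "incidents": len(incidents),
        "met_1_10_60": sum(1 for inc in incidents if not failed_phases(inc)),
        "mttd_hours": round(mean_time_to_detect_hours(incidents), 2),
    }


# Constructed sample incidents (not survey data). Incident B models a detection
# time of 146 hours; incident C sits exactly on the 1-minute detection boundary.
SAMPLE_INCIDENTS = [
    Incident("A", datetime(2021, 11, 1, 9, 0, 0), datetime(2021, 11, 1, 9, 0, 45),
             datetime(2021, 11, 1, 9, 9, 0), datetime(2021, 11, 1, 9, 50, 0)),
    Incident("B", datetime(2021, 11, 2, 0, 0, 0), datetime(2021, 11, 8, 2, 0, 0),
             datetime(2021, 11, 8, 2, 30, 0), datetime(2021, 11, 8, 5, 30, 0)),
    Incident("C", datetime(2021, 11, 10, 12, 0, 0), datetime(2021, 11, 10, 12, 1, 0),
             datetime(2021, 11, 10, 12, 15, 0), datetime(2021, 11, 10, 13, 0, 0)),
]


if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        missed = failed_phases(inc)
        status = "meets 1-10-60" if not missed else "missed: " + ", ".join(missed)
        print(f"{inc.name}: {phase_minutes(inc)} -> {status}")
    print(report(SAMPLE_INCIDENTS))
```

Measuring each phase from the previous milestone mirrors how the rule is phrased (detect, then investigate, then contain); a team that prefers to measure investigation and containment from the intrusion start can change `phase_minutes` accordingly, but should apply one convention consistently so trend comparisons across years remain meaningful.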
Conversations with clients convince us they’re working harder than ever, but the landscape is certainly becoming more complex. The still-new environment of hybrid working provides some explanation for longer detection and response times, but the figures suggest a bleak outlook for cybersecurity in the near future.
Teams need help urgently, either in increased internal resources or in managed endpoint monitoring and response. They need to decrease their response time before it’s too late, which means they need to hit those 1-10-60 goals. The survey’s average $1.79 million USD ransom payout (before additional extortion demands) should provide a convincing rationale in any board room for supporting either approach to achieve the benchmark.
The 2021 CrowdStrike Global Security Attitude Survey clearly demonstrates that today’s forward-looking security leaders need to make investments in modern security architecture — or risk becoming another cyber statistic. CrowdStrike is committed to providing organizations around the globe with the most innovative technology on the market to help them understand who is targeting them and why — and with CrowdStrike technology, teams are empowered to stay ahead of adversaries.