Legacy IT Vendors Losing Trust as Supply Chain Attacks, Ransomware Attacks Run Rampant
According to new research from leading security firm CrowdStrike, customers are increasingly irritated with traditional IT vendors such as Microsoft. This reflects the new normal in most organizations around the world, driven by the rise of supply chain attacks and ransomware attacks that are largely fueled by vulnerabilities in the software used by the vendors.
The CrowdStrike Global Security Attitude Survey 2021 is conducted once a year. This fourth such survey polled 2,200 IT and security managers at medium and large companies in a large sample of nations. 73% said they have lost faith in traditional software companies because of the seemingly endless chain of exploited vulnerabilities and security incidents. It is most often caused by first-hand depression. In addition, 45% of these organizations report supply chain attacks in the past year (40% increase in aggregate responses in 2020).
Supply chain attacks leading factor in undermining confidence in software products
Along with this loss of trust comes the feeling of losing ground in the global battle against cyber threats. Organizations report that they do not do well in including supply chain attacks and ransomware attacks with the necessary delays.
Cybersecurity news seldom makes it into the mainstream media news cycle unless it involves an exceptionally large and damaging event. Ransomware is so out of hand that some major attacks (such as Colonial Pipeline) have become a talking point for the average person without a technology background, as they begin to have a direct effect on everyday life. Supply chain attacks remain a commercial problem. More companies need to be aware of this. Because high-level players “upstream.
The survey found that 84% of those surveyed expect supply chain attacks to be one of the greatest security challenges in the next three years. Major companies rely on vendor software like Kaseya and SolarWinds, and an attack on it can potentially disrupt thousands of businesses at one go by way of malicious updates. In some cases, like Kaseya, the vulnerability lies directly in the software that a software vendor is offering. In others, like SolarWinds, the problem lies in the cloud-based services of large providers like Microsoft. Either way, the “big brands” in software and cloud services are being hit hard, and they keep making the news for the wrong reasons.
77% of respondents say that supply chain attacks have affected their business at some point, and 45% say at least one has happened in the last 12 months. Despite this, 64% of respondents say their organization still does not fully control its software vendors. Microsoft was the only vendor mentioned by name in the report, which may have something to do with CrowdStrike being a direct competitor in certain product areas (something Microsoft was quick to point out in a response to the press). But it remains true that Microsoft has battled a series of vulnerabilities in its cloud services over the past two years, and these openings have been directly exploited as the starting point for many supply chain attacks.
Ransomware attacks more frequent, and more damaging in 2021
Of course, ransomware attacks remain a major concern for businesses as well. 66% of those surveyed said they experienced ransomware attacks in 2021, a 10% increase from the 2020 survey. The average payout increased 63% to $1.79 million in just one year, but attackers also show a much greater propensity to ‘double down’ once paid: 96% of those surveyed who paid to resolve their ransomware attacks said the hackers demanded at least one additional payment, and that round of additional payments averaged around $792,000 in additional costs.
Although ransomware attacks are all over the news in 2021 and the damage increases dramatically, 57% of those surveyed said their organization still does not have a real plan in place to defend against them. CrowdStrike includes practical tips for resolving this issue in the report, suggesting the “1-10-60 rule” as a starting point for organizations still lost in dealing with the threat of ransomware attacks.
This strategy is a general benchmark to plan around: effective security strategies should aim for 1 minute to detect threats, 10 minutes to clearly define them, and 60 minutes to contain them and prevent further damage. CrowdStrike’s Falcon OverWatch security team puts the average time for threat actors to move laterally across networks at 92 minutes from the time of the initial breach. Against this backdrop, average security response times are going in the wrong direction: 165 hours until initial detection in 2021, compared to 97 hours in 2020.
While they usually don’t end up coming away with the full amount they ask for, ransomware attackers now feel confident enough that they are opening with an average request of $6 million. Given the state of the threat landscape, this is an indicator that average payments and damages may continue to increase in the years to come.