Legacy IT Vendors Losing Trust as Supply Chain Attacks, Ransomware Attacks Run Rampant

A new survey from leading security firm CrowdStrike reveals growing frustration with traditional IT vendors like Microsoft, as supply chain attacks and ransomware attacks fueled by vulnerabilities in their software become the focus “New standard” for organizations around the world. Ransomware Attacks Run Rampant

The CrowdStrike Global Security Attitude Survey 2021 is once a year. The fourth such survey has so far surveyed 2,200 IT and defense managers in the medium. Large companies in a huge pattern of nations.73% have said. They lost faith in traditional software program companies because of the seemingly endless chain of exploitative insecurities and defense incidents. It is most often caused by first-hand depression. In addition, 45% of these agencies report supply chain attacks in the past year. (40% increase in aggregate responses in 2020).

Supply chain attacks leading factor in undermining confidence in software products

Along with this loss of trust comes the feeling of losing ground in the global battle against cyber threats. Organizations report that they do not do well in including supply chain attacks and ransomware attacks with the necessary delays.

Cyber ​​security news seldom builds into the mainstream media news cycle. Unless it is an exceptionally large and damaging event. Ransomware is so out of hand that some major attacks are happening because of it. (Such as colonial pipelines) have become a talking point for the average person without technology. They begin to have a direct effect on life. Supply chain attacks remain a commercial problem. More companies need to be aware of this. Because high-level players “upstream.

The survey finds that 84%

The survey found that. 84% of those surveyed have supply chain attacks in the next three years. This is expected to be one of the biggest security challenges. There are big companies on vendor software like Kaseya and SolarWinds. Attacks can potentially disrupt thousands of businesses at once. Through the spread of malicious updates. In some cases, like Kaseya, the vulnerability lies directly in the software vendor’s software. Among others, the problem of supply chain attacks, like SolarWinds, lies in the cloud-based services of large retailers like Microsoft. Either way, the “big brands” in software and cloud services are being hit hard. They keep giving news for the wrong reasons.

77% of people say that supply chain attacks have affected their business at some point in history. And 45% say at least one has happened in the last 12 months. Despite this, 64% of respondents say the organization still does not fully control its software vendors. Microsoft was the only vendor mentioned by name in the report, which may have something to do with CrowdStrike being a direct competitor in certain product areas (something Microsoft was quick to point out in a response to the press). But it remains true that Microsoft has battled a series of vulnerabilities in its cloud services over the past two years, and these openings have been directly exploited as the starting point for many supply chain attacks.

Ransomware attacks more frequent, more damaging in 2021

Of course, ransomware attacks remain a major concern for businesses as well. 66% of those surveyed said they experienced ransomware attacks in 2021, a 10% increase from the 2020 survey. The average payout increased 63% to $ 1.79 million in just one year, Ransomware Attacks Run Rampant but attackers also show a much greater propensity to ‘double down’ once paid; 96% of those surveyed who paid to fix their ransomware attacks said the hackers demanded at least one additional payment, and that round of additional payments averaged around $ 792,000 in additional costs.

Although ransomware attacks are all over the news in 2021

Although ransomware attacks are all over the news in 2021 and the damage increases dramatically, 57% of those surveyed said their organization still does not have a real plan in place to defend against them. CrowdStrike includes practical tips for resolving this issue in the report, suggesting the “1-10-60 rule” as a starting point for organizations still lost in dealing with the threat of ransomware attacks.

This strategy is a general benchmark to plan around: Effective security strategies should aim for 1 minute to detect threats, 10 minutes to clearly define them, and 60 minutes to contain them and prevent further damage. CrowdStrike’s Falcon OverWatch security team says it considers an average time of 92 minutes for threat actors to move sideways across networks from the time of the initial breach. In contrast, average security response times are heading in the wrong direction: 165 hours until initial detection in 2021, compared to 97 hours in 2020.

While they usually don’t end up coming away with the full amount they ask for, ransomware attackers feel confident enough now that they are opening with an average request of $ 6 million. Given the state of the threat landscape, this is an indicator that average payments and damages may continue to increase in the years to come.