Traditional defenses against ransomware are falling short, according to Cloudian's 2021 Ransomware Victims Report, released Thursday. Half of organizations (49%) reported having perimeter defenses in place prior to a successful ransomware attack.
Despite 54% of organizations conducting anti-phishing training, one-quarter (24%) of ransomware attacks used phishing as the point of entry. Cloudian surveyed 200 IT decision-makers in the U.S. whose organizations experienced a ransomware attack in the last two years.
On average, victims of ransomware attacks experienced just over three days of downtime, while 10% of respondents reported a week or more of downtime, the survey found. Thirty percent described the impact of the ransomware attack as "severe."
As ransomware attacks continue to penetrate businesses, security professionals are finding historically reliable defenses can still be breached by malicious actors. Executives are preparing to mitigate when an attack strikes, not just focused on prevention.
Planning ahead for a ransomware attack, with an incident response team prepared to jump into action, can help the business limit the amount of damage caused by the hack. A key part of that plan is isolating systems to curb disruption.
"Oftentimes what customers do in the case of a ransomware attack or other attacks is they try and get that control system isolated as quickly as possible because the damage that could happen in the OT world can be way more and way more long lasting compared to IT," Mark Carrigan, COO of PAS, said during a webinar hosted by Flore Albo LLC last week.
Consider the Colonial Pipeline attack. After attackers deployed the DarkSide ransomware on its IT infrastructure, the pipeline disconnected its OT systems to silo the attack and prevent further damage. This method can be applied to other attacks, as businesses can unplug to prevent the spread while assessing the damage.
But ransomware attackers are becoming savvier, targeting vendors and third parties to spread malware to unsuspecting secondary victims. The infection and resulting damage trickle from the single source into unsuspecting networks.
"What the ransomware attackers have figured out is: Go slow and increase profitability over time," Steve Katz, former CISO of Citibank, said at the event. On average, companies paid $223,000 on ransoms and an additional $183,000 recovering from ransomware attacks, according to the Cloudian survey.
Combating ransomware has become an expensive, uphill battle for security professionals that they can't fight alone. "The only way we can get ahead of it is to stop it at the source," Katz said.
Recent federal government orders and actions attempt to stop ransomware at its source — but will require private sector coordination along the way.