Ransomware victims continue to pay while preparing for AI-enhanced attacks
The majority of victims of ransomware attacks still choose to pay the ransom, with more than half of them paying more than $100,000 to regain access to their systems and their data.
In addition, organizations fear and are closely following the potential of generative artificial intelligence (AI), which opens up new avenues for cyber attacks.
Victims who pay the ransom (dearly)
In a study conducted by Splunk, 96% of respondents were confronted with a ransomware attack. Among them, more than half (52%) described the impact of the attack on their business systems and operations as significant.
In addition, 83% admitted to having paid a ransom, according to the “Report for CISOs 2023”. This report is the result of quantitative surveys of 350 security managers and executives in 10 markets, including Australia, Germany, India, Japan and Singapore. The study also includes qualitative research based on one-hour telephone interviews with 20 cybersecurity managers in Canada, the United States and the United Kingdom.
Of the organizations that paid a ransom, 53% disbursed more than $100,000, with 9% of them exceeding a million. Some 18% paid the ransom directly to the attackers, while 37% did so through cyber insurance and 28% through a third party.
Better cooperation to better protect ourselves
To strengthen their cyber resilience and their visibility, the interviewees indicated that collaboration across all business functions was necessary. Some 92% of them have seen a significant or moderate increase in cybersecurity collaboration between their security, IT and engineering teams. These links have also been strengthened by digital transformation initiatives, the development of cloud-native software and a greater focus on risk management.
In addition, 77% describe their collaboration with the IT and development teams on the analysis and resolution of the root causes of incidents as “good”. On the other hand, 42% believe that there is room for improvement.
Among the main security concerns, 40% of respondents point to social engineering, while 37% are worried about threats related to operational technologies and the Internet of Things (IoT). 33% are concerned about ransomware attacks.
AI transforms cyber attacks and cyber defenses
Among the fears of those surveyed, about 70% are worried about generative AI and what it can bring to cyber attackers. For 36% of them, attacks will be faster and more effective thanks to this technology.
In addition, 36% of respondents believe that this technology could be used for identity theft, using voice and image, for social engineering purposes. 31% are most worried about the extension of the attack surface of their supply chain.
However, 35% of respondents say they are experimenting with this technology to strengthen their cyber defense, especially in malware analysis and workflow automation. For example, 26% use AI to analyze data sources to determine which ones need to be optimized or deleted, while 23% use generative AI to create detection rules. Most CISOs (93%) have largely or moderately integrated automation into their processes.
Better training
In addition, 86% of respondents believe that generative AI helps to fill gaps and skills shortages within a security team, taking over labor-intensive and time-consuming functions, and freeing security personnel to devote themselves to more strategic tasks.
These employees would also need more in-depth training, since 46% of the respondents plan to update their security teams’ knowledge of effective prompt engineering. In addition, 39% of respondents indicated that they are striving to train their employees to better understand the threats that could appear with generative AI.
Nevertheless, CISOs are worried about a proliferation of tools, with 88% of them highlighting the need to reduce the number of security analysis and operations tools in favor of other applications, such as threat intelligence, SOAR (security orchestration, automation and response) and SIEM (security information and event management).
Source: ZDNet.com