SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Ransomware attacks continue to increase, report finds
Tue, 27th Sep 2022
FYI, this story is more than a year old

Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to the latest annual report from cybersecurity specialist Hornetsecurity.

The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.

Cyberattacks are happening more frequently. Last years ransomware survey revealed one in five (21%) companies experienced an attack; this year it rose by three percent to 24%.

"Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros," says Daniel Hofmann, chief executive officer at Hornetsecurity.

"Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world," he says.

Microsoft 365 users targeted by attackers

The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.

Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.

"Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks," says Hofmann.

Lack of business preparedness

Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyberattack.

In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.

The survey also showed that more than one in five businesses (21%) that were attacked either paid up or lost data. Hackers have an incentive to run these ransomware attacks because theres a decent chance that they'll get a payday - 7% of IT professionals whose organisation was attacked paid the ransom, while 14% admitted that they lost data to an attack.

"Interestingly, 97% of pros are moderately to extremely confident in their primary protection method, even if they don't use many of the most effective security measures available, such as immutable storage and air-gapped off-site storage," says Hofmann. 

"This tells us that more education is needed in the field, and were committed to this cause."