The number of ransomware attacks targeting global organisations has doubled in the past two years, according to a new report from Akamai Technologies. The State of Segmentation 2023 report revealed that entities across the globe have faced an average of 86 ransomware assaults in the past year, a significant increase from the average 43 annual attacks noted two years ago. In Australia, the average sits at 70 ransomware attacks in the past year, placing the country in 7th place.

In response to this cyber threat surge, the vast majority of security organisations have implemented Zero Trust and microsegmentation strategies. According to the report, 99% of respondents in the Asia-Pacific-Japan (APJ) region who have some form of segmentation in place have also adopted a Zero Trust security framework, which operates on a strict 'never trust, always verify' principle.

The report also offers insight into regional differences. For instance, organisations in APJ are more inclined to have segmented over two business-critical assets (36 percent) than those in Europe, Middle East, and Africa (EMEA) (29 percent) and Americas (26 percent). Additionally, 27% of Australian organisations are more likely to have segmented more than two business-critical assets.

Akamai's report emphasised the efficacy of microsegmentation, an emerging security practice that partitions networks into sections and implements granular security policies and controls for individual workloads, applications, and tasks. Though organisations globally acknowledge microsegmentation as a robust tool for asset protection, its adoption rate has been lower than expected. Only 36% of the APJ organisations have segmented across more than two business critical areas, citing a lack of skills/expertise (43%) as the top obstacle, followed by compliance requirements (42%), and increased performance bottlenecks (40%).

However, the benefits of persevering with comprehensive microsegmentation strategies were also highlighted, with organisations that have segmented across six mission-critical areas managing to recover from attacks in merely four hours. This period is 11 hours faster than for organisations only segmenting one critical area.

“Cybercriminals in APJ are continually updating tactics and tools to breach organisations. It's critical that organisations reassess risks to shield their vital assets. Combining Zero Trust Network Access with microsegmentation can help combat ransomware threats. While many APJ organisations are ahead in implementing such architectures, they also need to ensure that their staff and partners are skilled enough to maximise these strategies' full benefits," said Dean Houari, Akamai's Director of Security Technology and Strategy in the APJ region.

Among other findings, the report indicated that network segmentation is more likely to be deemed extremely vital to security by organisations in APJ (62 percent) and the Americas (60 percent) than those in EMEA (53 percent). Regarding obstacles to segmentation, both APJ and EMEA noted lack of skill/expertise (43 percent and 38 percent respectively) as the top issue, whereas in the Americas, it was increased performance bottlenecks (41 percent). However, those in the Americas reported having a more fully defined and complete Zero Trust deployment (49 percent) than APJ (35 percent) and EMEA (33 percent).

The report also discovered that 93% of all respondents deemed microsegmentation critical to ward off ransomware attacks. Post-ransomware attack concerns identified included network downtime (52 percent), data loss (46 percent), and damage to brand/reputation (45 percent). Among APJ countries, China, and Japan documented the highest number of ransomware attacks over the past year, counting 83 and 81 attacks respectively. In terms of segmentation, India led the way with 58% of organisations having more than two assets/areas segmented, followed by Mexico at 48%, and Japan at 32%.