CrowdStrike, Inc. announced the release of the 2020 CrowdStrike Global Security Attitude Survey, produced by independent research firm Vanson Bourne.
This year in particular, the report revealed continued proliferation of
ransomware, heightened concerns around nation-state actors, and the
need for acceleration of both digital and security transformation.
Proliferation of Ransomware Leads to More Frequent Payouts, Costing Millions
Survey
data indicates ransomware attacks have proven to be especially
effective, as more than half (56%) of organizations surveyed have
suffered a ransomware attack in the last year. The COVID-19 pandemic
catalyzed increasing concerns around ransomware attacks, with many
organizations resorting to paying the ransom.The global attitude shifts
from a question of if an organization will experience a ransomware
attack to a matter of when an organization will inevitably pay a ransom.
Notable findings include:
- Concern around ransomware attacks continues to increase, with the stark
increase in this year's findings (54%) compared to 2019 (42%) and 2018
(46%).
- 71% of cybersecurity experts globally are more worried about ransomware attacks due to COVID-19.
- Among those hit by ransomware, 27% chose to pay the ransom, costing organizations on average $1.1 million USD owed to hackers.
- The APAC region is suffering the most when paying the ransom with the
highest average payout at $1.18 million USD, followed by EMEA at $1.06
million and the U.S. at $0.99 million.
Fear of Nation-State Cyberattacks Can Stifle Business Growth in Post COVID-19 World
Nation-state
activity continues to weigh heavily on IT decision makers, as 87% of
respondents agree that nation-state sponsored cyberattacks are far more
common than people think. As growing international tensions and the
global election year have created a nesting ground for increased
nation-state activity, organizations are under increased pressure to
resume operations despite the increased value of intellectual property
and vulnerabilities caused by COVID-19. Key highlights include:
- Even with the massive rise in eCrime over the course of 2020, 73%
believe nation-state sponsored cyberattacks will pose the single biggest
threat to organizations like theirs in 2021. In fact, concerns around
nation-states have steadily increased, as 63% of cybersecurity experts
view nation-states as one of the cyber criminals most likely to cause
concern, consistently rising from 2018 (54%) and 2019 (59%).
- 89% are fearful that growing international tensions (e.g. US-China
trade war) are likely to result in a considerable increase in cyber
threats for organizations.
- Approximately two in five IT security professionals believe a
nation-state cyberattack on their organization would be motivated by
intelligence (44%) or to take advantage of vulnerabilities caused by
COVID-19 (47%).
Digital and Security Transformation Accelerated as Business Priority
In
the wake of these threats, cybersecurity experts have accelerated their
digital and security transformation efforts to address the growing
activity from eCrime and nation-state actors. While spend on digital
transformation continues to trend upward, the COVID-19 pandemic
accelerated the timeline for many organizations, costing additional
investment to rapidly modernize security tools for the remote workforce.
Security transformation rollout findings include:
- 61% of respondents' organizations have spent more than $1 million on digital transformation over the past three years.
- 90% of respondents' organizations have spent a minimum of $100,000 to adapt to the COVID-19 pandemic.
- 66% of respondents have modernized their security tools and/or
increased the rollout of cloud technologies as employees have moved to
work remotely.
- 78% of respondents have a more positive outlook on their organization's
overarching security strategy and architecture over the next 12 months.
"This
year has been especially challenging for organizations of all sizes
around the world, with both the proliferation of ransomware and growing
tensions from nation-state actors posing a massive threat to regions
worldwide," said Michael Sentonas, chief technology officer,
CrowdStrike. "Now more than ever, organizations are finding ways to
rapidly undergo digital transformation to bring their security to the
cloud in order to keep pace with modern-day threats and secure their
‘work from anywhere' operations. Cybersecurity teams around the globe
are making strides in improving their security posture by moving their
security infrastructure to the cloud and remaining diligent in their
incident detection, response and remediation practices."