In terms of cyberattacks, 2021 has so far been the most disruptive year, and it appears that 2022 will be much harder for businesses that are still trying to put security measures in place.
Concern about possible cyberattacks has grown in recent months as a result of global turmoil. In an effort to lessen risk, organisations are starting to look more critically at their present infrastructure, and many are putting new measures in place. Should you follow your peers’ lead and do the same thing?
We polled over 700 professionals from the fields of cybersecurity, IT, quality assurance, internal audit, finance, and other related fields about their compliance programmes for our 2022 Compliance Benchmark Report in order to better understand their organization’s compliance position, including strengths, weaknesses, and opportunities.
Here is what we discovered about how businesses are reacting to the rise in ransomware and other attacks.
The prevalence of ransomware increased in 2021
2021 saw a surge in headline-grabbing ransomware attacks that targeted a variety of sectors, from the government to retail. In 2021, a startling 37% of all firms worldwide were the target of a ransomware attack, according to the most recent Ransomware Study from IDC.
Ransomware attacks haven’t stopped in 2022; on the contrary, they’ve increased. Earlier this year, a widespread ransomware strain affected at least 52 firms in 10 of the 16 critical infrastructure sectors in the United States. Since its detection in April 2020, the same ransomware has also impacted a large number of business enterprises.
As a result of the rising frequency of ransomware attacks, many firms are being more cautious when developing a plan to thwart attacks and lessen possible harm if, or more likely when, an attack does take place. According to the results of our 2022 Compliance Benchmark Survey:
- 40% of respondents intend to create a ransomware preparedness strategy.
- 39% already have a ransomware preparedness strategy in place.
- 10% of respondents do not consider ransomware to be a major cybersecurity threat.
While it is good that the majority of businesses either have a ransomware contingency strategy in place or are working to create one, it is notable that one in ten businesses does not consider ransomware to be a serious cybersecurity risk. This is concerning, since an effective security posture requires businesses to consider cybersecurity risks proactively rather than after the fact.
The (Potential) Effect of the Executive Order on Improving the Nation’s Cybersecurity
The Colonial Pipeline attack had already taken place by the time the American government published its Executive Order (EO) on Improving the Nation’s Cybersecurity in May 2021. The EO stresses the need to enhance cybersecurity across the board, recognizing that a large portion of the nation’s domestic critical infrastructure is owned and controlled by the private sector.
When we asked organizations whether the Executive Order would affect their cybersecurity strategy, opinions varied:
- 37% responded “yes.”
- 30% said “no.”
- 28% indicated they weren’t sure.
However, “yes” replies were more prevalent in sectors often regarded as being closer to the federal supply chain: 51% of government, 46% of IT services, and 43% of technology organizations said the EO will change how they handle cybersecurity.
Unfortunately, attacks keep harming different governmental sectors. Serious incidents, including the Okta supply chain breach and the attack on Bernalillo County in New Mexico that was specifically targeted at the government, have already occurred in the first half of 2022.
Actions You Can Take to Combat the Rise in Cyberattacks
Organizations across all industries are on edge due to the rise in cyberattacks on our country; 83 percent of poll participants indicated they thought an attack on their organization’s essential infrastructure would have an impact.
Despite these concerns, preventive measures can be taken immediately. Examine your present cybersecurity posture in detail, paying special attention to:
- Adopting a tactical mindset to stay vigilant about new cyber threats
- Locating gaps in your existing ransomware readiness strategy
- Identifying cybersecurity weaknesses using social engineering and penetration testing
- Using compliance certifications to give customers confidence and show that the right security measures are in place