Ransomware is a big, big global problem

• Claroty’s survey showed 80% of organizations globally were affected by ransomware attacks
• 47% reported an impact to their industrial control system (ICS) environment
• Over 60% paid the ransom, more than half of which cost US$ 500,000 or more

Ransomware is a never-ending problem for organizations around the world. No matter how much cybersecurity protection a company has, cybercriminals still manage to find ways to infiltrate an organization and wreak havoc on them.

And it is not surprising that Claroty’s Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption report revealed that a mammoth 80% of global organizations were affected by ransomware attacks. What is surprising though is that over 60% of them paid the ransom to get back their data.

The survey of 1,100 full-time IT and OT security professionals was carried out in the United States, Europe, and the Asia Pacific, to determine how organizations dealt with evolving ransomware challenges in 2021, and their levels of resiliency and priorities moving forward.

According to the survey, 90% respondents had accelerated digital transformation since the start of the pandemic. 73% of organizations plan to continue remote or hybrid work in some capacity. Nearly 90% of respondents are looking to hire more OT security staff, but 54% say it is hard to find qualified candidates.

The survey report also found that the combination of the ever-accelerating digital transformation and limited availability of skilled cybersecurity workers has resulted in several high-profile attacks on critical infrastructure. In response, many C-suite executives have become heavily involved in the decision-making and oversight of their organization’s cybersecurity practices.

In fact, more than 60% are centralizing both OT and IT governance under the CISO. A further 62% are supportive of government regulators enforcing mandatory and timely reporting of cybersecurity incidents that affect IT and OT/ICS systems.

At the same time, more than 80% of respondents report that both their IT and OT/ICS security budgets have increased since 2020. The number is close to 90% in industries including IT hardware, oil and gas, and electric energy. Implementing new technology solutions is the top cybersecurity priority, with the oil and gas and IT hardware sectors leading the way, and training comes in second.

The world still being targeted by ransomware

Just over the last few days in Europe, recent cyberattacks against European oil port terminals are now raising concerns that it could lead to fuel shortages at a time when energy prices are already soaring. Another cyberattack against KP Snacks could lead to a shortage of popular British snacks including Hula Hoops, McCoy’s and Tyrrells crisps, Butterkist, Skips, Nik Naks, and KP Nuts.

Unfortunately, these are just the latest in a series of high-profile cyberattacks on critical infrastructures, such as Colonial Pipeline and JBS Foods in 2021 that have disrupted industrial operations, supply chains, and ultimately, the delivery of essential goods and services to consumers.

As such, Claroty CEO Yaniv Vardi pointed out that their research shows that critical infrastructure security is at a pivotal juncture. Threats are proliferating and evolving, but there’s also a growing collective interest and desire in protecting most essential systems.

“Security leaders looking to take their programs to the next level must account for all cyber-physical systems in their risk governance practices, segmenting their IT and OT networks and assets, extending their general IT cybersecurity practices to their OT devices, and consistently monitoring for threats across all networks,” said Vardi.

The report notes, “As long as the financial model continues to favor paying the ransom, these threats will continue. The only way to mitigate the risk is to understand how to make hypoconnectivity more secure. Gaps in processes and technology, some that have existed for years, must be addressed.”

The survey revealed an almost universally increased investment in cybersecurity, and strengthening of cybersecurity measures over the past two years driven by the pandemic and by high-profile, and highly damaging, ransomware attacks in the past.

A ransomware attack was also a wake-up call for many victims. These findings show that organizations have internalized the lessons learned from high-profile cyberattacks and are prioritizing cybersecurity by increasing investments and implementing new or updated processes and controls.

The reality is though until an organization becomes victim to a ransomware attack, cybersecurity may still not be taken seriously enough by most organizations. While large enterprises can afford to pay the ransom, the smaller businesses might be the ones who end up suffering the most from a ransomware attack.