Customers are facing a crisis of trust in legacy vendors as software supply chain attacks continue to present challenges, according to the CrowdStrike Global Security Attitude Survey. The survey was conducted by research firm Vanson Bourne.
The report highlighted that ransomware payout demands and extortion fees are massively increasing, while trust in legacy IT vendors has dipped and organisations are getting slower at detecting cybersecurity incidents.
Recent attacks such as Sunburst and Kaseya have once again brought supply chain attacks to the forefront. About 63 per cent of respondents admitted that their organisation is losing trust in legacy vendors, like Microsoft, due to frequent security incidents against these previously trusted technology suppliers, as per the report.
“The survey presents an alarming picture of the modern threat landscape, demonstrating that adversaries continue to exploit organisations around the world and circumvent outdated technologies. Today’s threat environment is costing businesses around the world millions of dollars and causing additional fallout. The evolving remote workplace is surely accentuating challenges for businesses as legacy software like Microsoft struggles to keep up in today’s accelerated digital world,” said Chief Technology Officer at CrowdStrike, Michael Sentonas.
Three out of every four respondents (77 per cent) have suffered a supply chain attack. A total of 45 per cent of respondents had experienced at least one supply chain attack in the past 12 months.
Also, 84 per cent of respondents are fearful of supply chain attacks becoming one of the biggest cybersecurity threats in the next three years, the report mentioned.
Survey data also indicated that ransomware attacks are continuing to prove effective. The average ransomware payment increased by 62.7 per cent in 2021 (from $1.1 million in 2020 to $1.79 million in 2021). Not only that, organisations are almost universally getting hit with ‘double extortion’, in which threat actors not only demand a ransom to decrypt data but also threaten to leak or sell the data unless the victims pay more money.
Survey data showed that 96 per cent of organisations that paid a ransom were forced to pay additional extortion fees, costing businesses on average $792,493.
“A total of 66 per cent of respondents’ organisations suffered at least one ransomware attack in the past 12 months. More than half (57 per cent) of businesses did not have a comprehensive ransomware defence strategy in place,” according to the report.
The average ransomware payment was $1.34 million in EMEA, $2.35 million in APAC and $1.55 million in the United States (US). The average ransom payment increased by 63 per cent in 2021 to $1.79 million (USD), compared to $1.10 million (USD) in 2020, survey data revealed.