Ransomware attacks increased by 80 per cent over the last 12 months, according to a Sophos white paper. That means that ransomware attacks hit two out of three organisations in 2021. This demonstrates “that adversaries have become considerably more capable at executing the most significant attacks at scale,” it said.

Attackers are using ransomware-as-a-service where hackers buy sophisticated attacks off the shelf. As a result, low-skilled bad actors have the ability to use complex hacks.

Dealing with attacks

Despite the fact ransomware attacks increased, organisations have got better at recovering from them. For example, most breached businesses recover some encrypted data from hackers.

Most commonly, organisations restore their data using backups. But almost half of respondents (46 per cent) to the Sophos survey said they had paid the ransom to recover data.

“While paying the ransom almost always gets you some data back, the percentage of data restored after paying has dropped,” the report said. On average organisations that paid recovered only 61 per cent of their data – down from 65 per cent last year.  

The value of ransoms has rocketed. For example, businesses now pay an average of $812,360 per attack. That compares with an average of $170,000 the year before.

Low understanding

The UK government said that just over half of businesses (54%) acted in the past 12 months to identify cyber security risks. Its Cyber security breaches survey found that security monitoring tools (35%) were the most common defence. 

But qualitative interviews uncovered limited board understanding of the risk. “That meant the risk was often passed on to; outsourced cyber providers, insurance companies, or an internal cyber colleague,” the survey said.

In fact, a skills’ shortage in the area means organisations are turning increasingly to third party suppliers. A survey by Neustar Security Services found 89 per cent of security professionals increasing their dependence on such services. In fact, just over half of respondents said they were looking for risk management skills. 

This comes at a times when businesses are rushing to further digitise their businesses because of the pandemic. “Although 92 per cent acknowledged that implementing a digital initiative without fully understanding or addressing potential security challenges is a mistake,” it said, “56 per cent said their organisation had rushed to implement a digital initiative anyway.”