Join today’s leading executives online at the Data Summit on March 9th. Register here.
A new study from ExtraHop shows a major discrepancy between perception versus reality — 77% of IT decision-makers (ITDMs) said they were very or completely confident in their company’s ability to prevent or mitigate cybersecurity threats, yet 64% admit that their own cybersecurity incidents are the result of their own outdated IT security plans.
When the pandemic hit and organizations switched to a work from home (WFH) model, many also took the opportunity to modernize their IT infrastructures, finally decommissioning old on-premises applications and replacing them with new SaaS applications or other solutions. Unfortunately, they didn’t modernize their protocol use — leading to some misplaced confidence. Sixty-nine percent are transmitting sensitive data over unencrypted HTTP connections instead of more secure HTTPS connections. Another 68% are still running SMBv1, the protocol that WannaCry and NotPetya ransomware variants use to infect corporate networks.
The frequency of ransomware attacks over the past few years has only made this discrepancy worse. Eighty-five percent of companies are, on average, experiencing at least one ransomware attack per year, and 74% have experienced multiple attacks.
Another surprising takeaway: most companies admitted to paying the ransom when hit. Seventy-two percent of respondents admitted to paying a ransom, while 42% of companies that suffered a ransomware attack said they paid the ransom demanded most or all of the time.
Despite this being discouraged by the FBI, many organizations choose to make the payment to minimize the cost, which includes business downtime and end-user downtime.
The survey of 500 security and IT decision-makers in the U.S., U.K., France, and Germany was conducted by Wakefield Research and sponsored by ExtraHop. Survey participants came from a wide range of industries, including financial services, healthcare, manufacturing and retail, and worked at companies of varying sizes, including companies with annual revenue exceeding $50 million.
Read the full report by ExtraHop.