Firms make headway against ransomware, but attacks overall are up
Ransomware attacks are significantly declining, and active defense strategies are highly effective but underused, according to a recent report by ISACA, a global association of technology professionals.
For its State of Cybersecurity 2018 report, ISACA surveyed 2,366 cyber security professionals, and found that 50 percent have seen an increase in cyber attack volumes relative to last year. In addition, 80 percent of respondents said they are likely or very likely to be attacked this year.
Despite an increase in cyber attacks generally, however, ransomware attacks are significantly declining. Last year, 62 percent of respondents experienced a ransomware attack, compared with 45 percent this year, 17-point drop. This is likely because organizations are significantly better prepared after last year’s WannaCry and NotPetya attacks, the study said.
Eighty-two percent of respondents said that their enterprises now have ransomware strategies in place, and 78 percent said they have a formal process, up 25-points from last year.
While the findings are positive, ISACA said, the data shows that ransomware attacks might have been displaced by cryptocurrency mining, which is becoming more frequent. Cryptocurrency mining malware can operate without direct access to the file system, it said, making them harder to detect. And as the prices of cryptocurrencies increase, the economics of cryptocurrency mining malware becomes better for the attacker.
The report said the three most common attack vectors remain unchanged from last year: phishing, malware, and social engineering.