Report shows two out of three Spanish companies suffered ransomware attacks in 2021
Working from home has definitely created a paradise for cybercriminals, consisting of vulnerable computers, with network access, and companies that do not have the highest security conditions. The consequences are that two out of three Spanish companies would have suffered a ransomware attack in the last year.
According to CrowdStrike, a cybersecurity company, online criminals have several strategies to generate an attack. They can use malwarewhich is basically software designed to stealthily gain access to a device, or spyware, malicious software that collects personal information.
Then they have hacking, malware that changes browser settings to direct you to malicious sites, and lastly, ransomware option, malware that encrypts data or locks devices until payment is made. ransom.
An annual report on global security, conducted by independent analyst firm Vanson Bourne, showed that 63% of the cybersecurity leaders of the companies surveyed (2,200 security professionals in the United States, EMEAand APAC) used traditional security solutions.
These are the most widely used protection systems, but have proven slow to discover and mitigate an incident, typically around a week. As a result, organizations ran the risk of being extorted to continue operating. On average, this meant they had paid around €1.5 million on average, and most of the companies that paid, then suffered a second extortion.
“The report paints a compelling picture of today’s enterprise security environment. Cybercriminals are innovating in their methods of accessing corporate systems and organizations are failing to update their security technologies,” said Michael Sentonas, CTO of CrowdStrike.
“It is true that remote work raises the stakes for companies, because the most widespread protection models, such as that of Microsoft, are not adapted to this reality”.
Experts admit to being worried about the figures and statistics revealed in the report. For example, it showed that two out of three Spanish companies had suffered a ransomware attack in the past year.
As many as 63% of security managers admitted that they are losing their trust in traditional vendors due to the increase in incidents they are seeing.
Three in four executives said their company had experienced a supply chain attack and 84% feared they would experience a supply chain incident in the coming years.
In Spain, 80% of companies surveyed admitted to avoiding partners they perceived to have weak security systems. This was for fear of suffering an indirect attack, while up to 37% had lost trust in their partners after analyzing their systems.
To all this must be added the increasing efficiency of cybercriminals. Ransoms statistically increased by 62.7% in 2021. More than half of businesses – 57% – said they did not have a comprehensive ransomware protection strategy.
In Spain, 64% of companies surveyed had experienced a ransomware attack in the past year, but only a quarter of those affected had paid the ransom, varying between €200,000 and €2 million.
CrowdStrike’s recommendation is to follow the 1-10-60 rule. 1 minute to detect the threat, 10 minutes to understand it and 60 minutes to solve it. The problem is that organizations currently take 146 hours to detect an incident, compared to 117 hours in 2020.
Once detected, it took them 11 hours to figure out how it happened and what the threat was. Then, it took them another 16 hours to fix it, while criminals need “only” 92 minutes on average, to bypass security measures.
Most Spanish companies needed a full day to detect the incident, although some lucky – or well-prepared – three out of ten were able to do it in an hour, as reported larazon.es.