2023 Predictions: Ransomware will continue to plague organisations

From attacks on critical infrastructure to individual businesses, it’s clear that in today’s threat landscape no systems are safe and there are no signs of cyber criminals slowing down their efforts.

Our own research from earlier this year suggests that as many as one in three organisations experience a ransomware incident at least once a week, and one in 10 subjected to attacks more than once a day.

While the volume of attacks will continue to grow, the techniques used by cyber criminals will also become more advanced. There will continue to be a rise in a new class of cyber attacks, known as Highly Evasive Adaptive Threats, or HEAT, designed to by-pass detection from traditional security tools such as Secure Web Gateways, sandbox analysis and phishing detection solutions.

Threat actors will come up with increasingly sophisticated ways of executing these attacks. Developing spear phishing emails that look highly legitimate; embedding malware in digital advertisements and content modules; double extortion and DDoS attacks.

Unfortunately, weak links in the cyber security chain will remain. Our research found that employees ignoring corporate security advice tops the list of security decision makers’ biggest concerns. Security professionals are also worrying about ransomware attacks evolving beyond their team’s knowledge and skillset, and beyond their company’s own security capabilities. Education, training and awareness will become more important than ever. By educating employees properly about modern threats, companies can then turn workforces into a staunch first line of defence working to keep ransomware at bay.

Aligned with this, businesses will need to enforce the right policies, protocols and protection to tackle sophisticated threats supported by security strategies and solutions that offer a multi-layered defence.

Zero Trust should be embraced as a key principle if not already, moving away from the outdated idea that everything within an organisation’s network should be trusted. By provisioning trust blindly, any attacker that infiltrates a network successfully can then move freely through internal systems, accessing and exfiltrating data without any meaningful resistance. With Zero Trust, all traffic is continually verified.

There’s also the question of ransom demands and whether to pay them. One third of security professionals in our research say they worry about paying a ransom demand and not getting their data back. Two-thirds would still pay a ransom demand, while nearly a third say it’s down to their insurance company to pay it.

Industry figures suggest there is a disparity between the perceived and actual cost of recovering from a ransomware attack among professionals. Our survey shows that the average perceived cost is £276,701, with insurance pay-outs extending up to an average of £471,175. However, industry figures show the average total cost of recovery from a ransomware attack in 2021 was £1.2m.

With current insurance pay-outs unable to cover even half the average cost to recover from ransomware, many firms could suffer serious financial consequences. More alarming is that a quarter of businesses cannot say with certainty that they have cyber insurance, so something to consider in the coming year. In deciding whether to pay or not to pay a demand ultimately depends on each company’s level of preparedness. With the right processes and strong backups in place, they won’t need to pay it.

We will continue to see an escalation in ransomware attacks in the future, and as a result we anticipate a shift in security approach toward methods that prevent threats before they reach the network or endpoint, rather than the outdated ‘detect and respond’ technology that many organisations still use.

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023