November. New Orleans.
No Excuses.
The Hybrid Identity Protection Conference is heading to NOLA and you're invited! Get the latest on ITDR, operational resilience, and leveling up your security posture. Are you hip, or are you HIP?
Register your rad self
Ransomware Risk Report: Embracing the Assume Breach Mindset
Victims Hit Multiple Times, 78% Paid Ransom
A global study of 900 IT and security professionals reveals that 74% of organizations targeted by ransomware were attacked multiple times, and 78% of victim organizations paid ransom, pointing to a cycle of breaches that cause escalating damage in revenue losses, operational cost, and—in some cases—human health and safety.
Alarming attack frequency, severity, and consequences
Ransomware, once a sporadic menace, has evolved into an unrelenting adversary.
Criminal groups orchestrate multiple strikes in rapid succession, exploiting vulnerabilities across organizations. Critical systems, including Microsoft Active Directory, are a top attack target.
The 2024 Ransomware Risk Report reveals concerning statistics for business, IT, and security leaders.
When multiple attacks happen, they tend to happen in quick succession. These data points suggest that multiple criminal gangs are leveraging organizations’ vulnerabilities to detonate a second or third malicious attack—in some cases, simultaneously.
Simon Hodgkinson Semperis Strategic Advisor & former bp CISO
Coming to terms with ransomware
Companies are suffering successful ransomware attacks multiple times within the same year—resulting in closures, layoffs, loss of revenue and customer trust, and cancelation of cyber insurance.
74%
of companies were attacked by ransomware not once, but multiple times—54% on the same day, and most within the span of a week.
78%
of targeted organizations paid the ransom—72% paid multiple times, and 32% paid 4 times or more.
The cost of what you pay to a ransomware group is not where the damage will end. And certain attacks aren’t money-driven; rather they aim to cause chaos and disruption.
Mickey Bresman Semperis CEO
Attacks cause data loss and business outages, even for victims with general backups
Ransomware attacks cause widespread and pervasive disruption, even for organizations that have general backups in place. Attackers are breaching systems through embedded operating systems, outdated technology that hasn’t had regular security updates, and long-forgotten backdoors.
Overall, complexity is rising, and you can only do so much in a day. Cloud computing has not lessened the burden or reduced operational complexity. You have to assume that malicious activity is happening in in your network, and you need the ability to find and undo it.
Guido Grillenmeier Semperis Principal Technologist (EMEA)
Can companies say “no” to ransomware?
Although 70% of respondents had an identity recovery plan in place, only 27% of respondents had dedicated, AD-specific backup systems. 61% of ransomware victims required more than a day to recover minimal IT functionality, extending business disruptions.
72%
of victims paid ransom multiple times
32%
paid ransom 4 times or more
Why did companies pay ransom?
Many respondents noted a desire to return to normal business as quickly as possible as a reason for paying ransom. Others, especially those in the IT/telecom industry, paid because they had cyber insurance to defray the costs. Still others considered the threat to patients, customers, their business, or their reputation to be worth the price of ransom. Unfortunately, ransom payment does not guarantee the receipt of usable decryption keys. Furthermore, attackers often use ransomware to deliver malware that can reinfect systems or cause other damage.
Threat to business, customers, or reputation
Access to cyber insurance
Quickly restore business operations
Matter of life or death
The true cost of ransomware
In any complex organization, security budget, staffing, and resource decisions are a balancing act. However, in the case of ransomware, executive leadership might be making those decisions without a complete understanding of the potential costs after an attack. Ransom payment does not guarantee the receipt of usable decryption keys. Furthermore, attackers often use ransomware to deliver malware that can reinfect systems or cause other damage. A successful attack typically costs much more than a ransom payment.
Ransomware attacks cause collateral damage far beyond the ransom payment
The ransom payment itself is only the beginning of the costs incurred from a ransomware attack.
“The cost of the ransom payment is not the sum total of the actual damage,” says Semperis CEO Mickey Bresman. “Certain attacks aren’t money-driven; rather they are aimed at causing chaos and disruption. In addition, the money that you pay is being used for other criminal activities, like human trafficking, drugs, and weapons.”
Chris Inglis noted that a ransomware attack is not a one-time or limited-time event that you can quickly address and then move on from.
“This is a life-changing event that has enduring, lingering effects. Loss of customer trust, loss of cyber insurance, regulatory prosecution … that scrutiny never goes away.”
Business disruption
Temporary or permanent closings
Brand damage
Loss of revenue or customers
Fines, lawuits, and cyber insurance cancellation
Layoffs and resignations
Few companies maintain dedicated identity protection
The identity system, particularly Active Directory, is now the security perimeter for enterprise organizations. The digitization of the modern enterprise has eliminated the idea of a defensible perimeter, creating a complex landscape for security professionals—and a broad attack surface for cyber criminals. Without AD-specific, malware-free backups, and a tested cyber-specific recovery plan, recovery will be prolonged, increasing the chance that the organization will decide to pay ransom to restore business operations.
At the center of this whole discussion is business viability: the ability of the company to achieve its aspirations and its commitments on behalf of its shareholders and customers. Attackers are trying to hold that at risk so that they can then convince you to buy them out. If they can achieve a successful attack on identity, then they own privilege, and they can then use that privilege to their benefit.
Chris Inglis Semperis Strategic Advisor & First US National Cyber Director
Why aren’t organizations prioritizing ransomware defense?
Organizations face multiple challenges in putting a layered ransomware defense strategy in place. Most respondents reported that their biggest hurdle to resilience was lack of support from the board of directors.
Chris Inglis notes that effective cybersecurity requires a three-pronged approach comprising corporate doctrine, skill building, and technology.
First step: Explain the value of identity-first security in business terms
“Technology can help us analyze and assess what’s happening, moment by moment,” Inglis says. “It can help us respond more quickly and recover more quickly. But the thing that is most wanting now is a collective realization that we all have a part to play. That starts with the board, not with the IT shop. The board is accountable; the SEC has made that clear. Regulations are increasingly making it clear: cybersecurity is a business issue.”
Lack of board support
Budget contraints
Outdated or legacy systems
Staffing shortages
Cybersecurity regulations
People tend to put their resources and effort into endpoint protection. But threat actors will get past the endpoint. And once they’re inside the network, they go through the whole identity system. What defense do you have when that happens? Because once they own your identity system, they have all the power. If your identity system goes down, none of your other solutions will work.
Sean Deuby Semperis Principal Technologist (North America)
More resources
Learn more about how to prevent, detect, and respond to identity-based attacks.
Experience a personalized demo
Request a demo and one of our product experts will give you a spin of our solutions.
