Senior IT and security decision-makers around the world are concerned that the global pandemic and rapid adoption of a work-from-anywhere business model could negatively impact future growth, according to our study released today. Results of CrowdStrike’s third annual Global Security Attitude Survey, produced by independent research firm Vanson Bourne, reveal trepidation in how leaders view the current threat landscape and their organization’s cybersecurity readiness.
The study surveyed 2,200 senior IT decision-makers and security professionals during August and September 2020 across Australia, France, Germany, India, Italy, Japan, Middle East, Netherlands, Singapore, Spain, U.K. and U.S., drawing respondents from a wide range of industries. All respondents were from organizations with 250 or more employees and represent both private and public sector organizations.
Among the key findings in this year’s report is a growing fear of nation-state intrusions and ransomware attacks in the wake of COVID-19 outbreaks (71%), with 56% of organizations reporting a ransomware attack within the last 12 months. In addition, 87% of respondents indicated that nation-state attacks are much more common than most people think. In fact, 73% say these attacks are the single biggest threat to their organizations.
Potentially compounding the risks, a large majority of respondents (84%) say they have accelerated their digital transformation efforts as a result of COVID-19, with 45% stating that they have increased cloud rollouts to support employees working remotely.
Ransomware Continues to Proliferate, Costing Millions
It’s no secret that ransomware attacks have continued to plague organizations and the global pandemic has created fertile ground for adversaries to renew and evolve their efforts. CrowdStrike has often addressed the evolution of ransomware in its many different forms, most recently in a two-part blog series that explores the ransomware tactic of using data leak extortion to amplify demands and the adversaries who are using this approach.
The survey seems to indicate that organizations realize the link between COVID-19 and an increase in both ransomware attacks and the costs they incur, as some organizations are choosing to pay the ransom rather than endure protracted interruptions to their business processes or risk having sensitive corporate data exposed. The danger and increasing sophistication of ransomware is not lost on this year’s survey respondents, with 54% expressing concern over ransomware attacks — a significant increase over last year’s finding of 42%.
Whether to pay the ransom can be a difficult decision for organizations. A recent advisory from the U.S. Department of the Treasury warns that “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC [the Office of Foreign Assets Control] regulations.” OFAC, which is part of the U.S. Department of the Treasury, administers economic and trade sanctions that could impact companies that choose to pay a ransom.
Despite the possible risk of sanctions, of the organizations reporting a ransomware attack, 27% chose to pay the ransom, averaging a total of $1.1 million USD paid by each. Regional comparisons show only a modest disparity, with APAC hit the hardest with average payouts of $1.18 million USD. EMEA came in at $1.06 million USD, while the U.S. was lower with an average of just under $1 million USD paid to attackers.
Despite the increased worry over ransomware, the survey does note a positive trend — 76% of organizations that suffered a ransomware attack upgraded their security software and infrastructure to reduce the risk of a future attack. In addition, 65% upgraded their security staff with the same objective in mind.
A Major Concern: Nation-State Attacks and Their Effect on Business Growth Post-COVID-19
For the past several years, CrowdStrike has continued to observe a blurring of the lines between nation-state and eCrime attack methodologies. This includes the use of eCrime tactics such as ransomware by well-funded nation-state adversaries. As the survey shows, a large majority of organizations (87%) are aware that nation-state attacks pose a threat and many believe this situation has been exacerbated by the pandemic. In fact, 47% of respondents believe that vulnerabilities caused by the global pandemic are a key driver of malicious nation-state activity. These vulnerabilities can include: new attack surfaces exposed by rapidly enabling a remote workforce, BYOD (bring your own device) connecting to the corporate network, sensitive data exposed to unsafe WiFi networks and more.
Respondents also point to other motivating factors behind these nation-state attacks, with access to valuable customer data and gaining financial or intellectual property cited by 51% and 50%, respectively. The survey results reveal that pharmaceutical companies and biotech industries may be more likely to experience other attacker motives, including intelligence gathering (52%), provoking instability in the organization’s country (44%) and gaining political capital (36%). Organizations are also aware of how tensions between countries can impact the threat landscape, with 89% of respondents fearful that ongoing international rivalries may cause a considerable increase in cyber threats. Overall, the survey shows that the motivations driving nation-state attacks stretch far and wide, which explains why organizations across the spectrum are concerned.
Organizations Need Both Digital and Security Transformations
The report shows that the vulnerabilities related to the COVID-19 pandemic, coupled with the growing threats from eCrime and nation-state attackers, have forced organizations to accelerate their already-rapid digital and security transformations. A vast majority of respondents agree that addressing these threats has required increased investment — $100,000 and up — which was quickly scaled when the need to deploy a fully remote workforce became a reality.
The survey further reveals how organizations have increased spending to address these issues, with 61% of respondents reporting that they have spent in excess of $1 million on digital transformation over the last three years. In addition, a large majority of organizations have also invested in modernizing their security tools and/or increased the rollout of cloud technologies as employees have moved to work remotely (66%). This focus on improving security posture by increasing their investment in modernizing cybersecurity and accelerating cloud adoption also seems to have increased respondents’ optimism, with 78% of them reporting a positive outlook on their organizations’ security strategies and architecture over the next 12 months.
There is no doubt that 2020 has been one of the most challenging years for organizations across the globe — and the concerns expressed by respondents in this survey are echoed by IT and cybersecurity professionals everywhere. The good news is that organizations seem to have a better understanding of the risks they face and are more willing to invest in the rapid digital and security transformation actions needed to mitigate these risks and ensure success.
Here are some recommendations to help your organization improve security posture and ensure your cybersecurity readiness:
- Continue to invest in digital transformation to keep pace with the eCrime and nation-state threats. Replacing legacy, on-premises technologies with cloud-native platforms — such as CrowdStrike Falcon® — that are designed to protect remote and hybrid environments will be critical to ensuring protection in the new work-from-anywhere environments that are here to stay.
- Focus on protecting all workloads wherever they are rather than maintaining security models built around network perimeters. A solution such as CrowdStrike® Falcon Cloud Workload Protection provides breach protection across private, public, hybrid and multi-cloud environments so you can rapidly adopt and secure technology across any workload.
- Integrate identity protection with run-time protection of workloads, endpoints and mobile devices to alleviate the strain on IT teams, and keep your organization secure by allowing your team to plan, implement and migrate to the cloud-native applications you need to secure your business and employees — no matter where they are located.
- Strive to meet the 1-10-60 rule that CrowdStrike introduced in 2018: one minute to detect a threat, 10 to investigate and 60 to contain and remediate. The survey reveals that it takes organizations an average of 117 hours to even detect an incident or intrusion (reflecting very little improvement from 120 hours in 2019) — and many more to investigate and contain it. The CrowdStrike Falcon platform enables security teams to shorten the time to investigate and understand threats by providing deep context, seamlessly integrated threat intelligence and sophisticated visualizations.
In summary, eCrime and nation-state attacks will continue to proliferate, and organizations will undoubtedly fall victim to them. The current threat environment, coupled with a global pandemic, can seem daunting, even insurmountable, when striving to ensure protection across remote and hybrid environments. However, with the right technology, people and processes — and continued investment in digital and security transformations — your organization can avoid becoming the next cyber breach victim.
- Download the report, “2020 CrowdStrike Global Security Attitude Survey: Insights into Security Transformation and Prevalent Attack Vectors in a Work-from-Anywhere World.”
- Join our CrowdCast on Nov. 24 with CrowdStrike VP and former Gartner analyst Ian McShane for an illuminating look into the survey results and the ramifications for your security going forward.