Hornetsecurity Survey Proves Accelerating Pace of Ransomware Attacks in 2022Hornetsecurity Survey Proves Accelerating Pace of Ransomware Attacks in 2022
Many organizations incorrectly believe Microsoft 365 is protected from ransomware attacks.
September 26, 2022
The latest Hornetsecurity survey confirms the cybersecurity industry’s expectations that the pace of ransomware will intensify in 2022.
Hornetsecurity polled over 2,000 IT leaders for its latest annual survey. Among the findings, nearly a quarter of businesses have suffered a ransomware attack. A fifth of those occurred in the past 12 months.
Cyberattacks are happening more frequently. Last year’s ransomware survey revealed one in five companies experienced an attack. This year it rose to 24%.
Hornetsecurity’s Daniel Hofman
Daniel Hofmann is Horetsecurity‘s CEO.
“We certainly see the pace of ransomware infection increasing, along with a decrease in the number of organizations enabling email spam/malware protection,” he said. “One reason we suspect to account for the decrease is the increasing rate of adoption of Microsoft 365 as a platform.”
Many organizations that have adopted cloud services believe the cloud vendor is protecting them from things like ransomware, Hofmann said.
“Sadly, in most cases, Microsoft 365 included, this isn’t the case,” he said. “And it’s up to the company to secure and protect their own data.”
Lack of Knowledge on Available Security
The Hornetsecurity survey highlighted a lack of knowledge on the security available to businesses. A quarter of IT professionals either don’t know or don’t think Microsoft 365 data can be impacted by ransomware.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organization admitted they don’t have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
“With the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks,” Hofmann said.
Survey responses showed the widespread lack of preparedness from IT professionals and businesses. That includes an increase in businesses not having a disaster recovery plan in place.
In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.
The survey also showed that more than one in five businesses that were attacked either paid up or lost data. Hackers have an incentive to run these ransomware attacks because there’s a decent chance they’ll get a payday. Seven percent of IT professionals whose organization was attacked paid the ransom, while 14% admitted that they lost data to an attack.
‘It Won’t Happen to Me’ Still Prevalent
The mentality of “it won’t happen to me” is certainly something Hornetsecurity continues to see, Hofmann said. That’s especially true as more organizations adopt cloud services.
“There are several misconceptions when it comes to ‘the cloud’,” Hoffman said. “New adopters often assume that security and data protection are handled as part of their monthly bill, which isn’t the case. We also see cases where some organizations believe that platforms such as Microsoft 365 are not susceptible to ransomware attacks. This simply isn’t true. In either case, the organization is putting itself at enormous risk for data loss, damaged reputation, and all the other issues associated with a security breach.
Nearly 60% of ransomware attacks originate via email/phishing attacks, Hofmann said.
“That tells us that focusing any limited budget on that key problem alone provides a lot of protection for the money spent,” he said. “Service providers that focus on this key area for their budget-strapped customers can provide a lot of protection and peace of mind. On top of that, service providers can further help with this by providing proven solutions from trusted security vendors that help fill in the unique organizational security gaps for each of their customers. For example, maybe you have a customer in a highly regulated industry like finance. Providing additional security services such as end-user security awareness training can bring additional trust and protection for your valued clients.”
About the Author(s)
You May Also Like