Fortinet Ransomware Survey Shows Many Organizations Unprepared

Ransomware is plaguing organizations at an increasing rate. According to the recent 1H Global Threat Landscape Report from FortiGuard Labs, ransomware incidents have increased nearly 1100% over the past twelve months. And in a new global ransomware survey conducted by Fortinet, an astonishing 67% of organizations report having been a ransomware target—with nearly half saying they had been targeted more than once and almost one in six saying they had been attacked three or more times.

Because of this, 94% of organizations indicate that they are concerned about the threat of a ransomware attack, with 76% being very or extremely concerned. In fact, 85% are more worried about a ransomware attack than any other cyber threat. Their top concern (62%) about it is the risk of losing data, which is understandable. Today's businesses run on data. So, while loss of productivity (38%) and the interruption of operations (36%) are also top concerns, they are events that can be recovered from much more quickly than a significant loss of data. Recent high-profile cases include the Colonial Pipeline attack that disrupted oil and gasoline distribution across the United States' East Coast region and the JBS Foods attack that led to concerns about a global meat shortage have helped fuel those concerns.

Of course, organizations are well aware of the risks of ransomware. And because of this, they have had plenty of time to prepare. 96% feel they are at least moderately prepared for an attack. But there is an apparent disconnect between their feelings of preparedness and the tools and plans they have in place to address an attack. For example, less than half have a strategy that includes such things as network segmentation (48%), forensics abilities (34%), testing ransomware recovery methods (28%), or red team/blue team exercises (13%) to identify weaknesses in security systems. They also place critical security technologies, like secure email gateways (33%), network segmentation (31%), UEBA (user and entity behavior analytics) (30%), SD-WAN (13%), and sandboxing (7%) at the bottom of their list of tools they consider essential for securing themselves against ransomware.

Instead, they are relying on things like employee cyber training (61%), offline backups (58%), and cybersecurity/ransomware insurance (57%). While such measures are valuable, they are hardly complete. Interestingly, while 72% of respondents claim they have a ransom policy in place, the procedure for 49% of them is to pay the ransom outright. For another 25%, the decision to pay a ransom depends on how expensive it is. 

Protect Your Organization Against Ransomware Attacks Fortinet

The following best practices can help focus strategies to protect against this growing threat:

Know Your Risks and Plan Accordingly: There are several ransomware attack strategies that organizations need to prepare. Web-based attacks that target and compromise vulnerable systems are a significant attack vector, and Secure Web Gateways can help protect end-users. Fortunately, 52% of organizations include such technology in their ransomware plans. But the most common entry method reported by respondents was phishing, which combines social engineering and user manipulation with an infected email that includes malicious links or attachments. And while end-user training can go a long way towards preventing users from clicking on a malicious link or attachment, it only provides a partial solution. A modern secure email gateway should identify malicious links and attachments, analyze them in a sandbox, and ideally disarm them before they ever lure a user into downloading ransomware or (for those with a high-security concern) browse to links and files in an isolated browser environment.

Stop Known Threats: Organizations should also seek out a platform-based cybersecurity solution that stops known ransomware threats across all attack vectors. This requires a layered security model that includes network, endpoint, and data-center controls powered by proactive global threat intelligence. In addition to traditional security tools, it should also include behavioral analytics to quickly identify and stop a breach.

Detect New Threats: As existing ransomware is constantly morphing and new ransomware is being released, it is essential to implement sandboxing and other advanced detection techniques to pinpoint new variants across those same vectors. Similarly, real-time behavioral detection at the endpoint is just as critical as detecting malware on its way to the endpoint. 

Protect Endpoints: And while new advanced endpoint technologies like EDR (endpoint detection and response) can identify malicious ransomware—based on behavior in addition to threat intelligence, organizations need to implement critical technologies like Secure Web Gateways, SASE, and ZTNA for secure application access to extend protections to their remote and mobile workers.

Prepare for the Unexpected: Dynamic network segmentation helps protect against ransomware's worm-like behavior. With an effective segmentation strategy in place, a breach can be restricted to a small portion of the network. Likewise, data backup with offline storage and recovery is critically important. 

Encryption is Critical: Although it can be time-consuming, encrypting all data at rest prevents criminals from threatening to expose data online or resell stolen information on the dark web if a ransom is not paid.

Secure the Entire Infrastructure: Traditional WAN connections are rapidly being replaced with SD-WAN because it is inherently smarter and more agile. But in many cases, SD-WAN is not necessarily more secure—which is why every organization with an SD-WAN strategy needs to be considering a secure SD-WAN solution (SD-WAN built on a security-based platform, like an NGFW) as their primary approach to replacing legacy remote connectivity to cloud and data center resources from branch offices and certain super-users.

Ransomware Attacks are a Global Concern

Ransomware has become a top global concern. The White House has announced the formation of a cybersecurity task force. It has also designated those who perpetrate ransomware attacks as terrorists, giving law enforcement agencies additional resources and stricter penalties when fighting cybercriminals. Other countries are doing the same. Law enforcement agencies, like Interpol, are also raising the bar on combating ransomware. The Department of Justice (DoJ) has also directed federal prosecutors across the U.S. to coordinate any ransomware investigations with the new Ransomware and Digital Extortion Task Force set up to focus on ransomware. These are important developments given the threats governments and other organizations face today.

But we all need to do our part. And that starts by building an effective ransomware strategy, including critical security resources designed to address ransomware attack vectors. It's an action every organization needs to prioritize.

Learn more about the findings in the 2021 Ransomware Survey Report and infographic about how organizations can implement protection and defensive measures. 

See also Fortinet’s blog posts on ransomware settlements and how cybercriminals seek ransomware settlements.