A global study by Sophos shows that companies that have been affected by ransomware have different priorities after an attack than companies that have not previously had contact with it. Ransomware definitely has an impact on the professional self-confidence of IT managers.
Sophos presents further figures from its global study on ransomware. The results summarized in the section "Cybersecurity: The Human Challenge" show, along with many other important factors, above all: Companies that have been affected by ransomware have changed forever as a result. And: The role of qualified professionals in the field of cybersecurity has never been more crucial than it is today. While advances in automation and technology play an enormously important role in strengthening organizations' cyber defenses, effective security strategies increasingly require the use of human experts, for example with the help of Managed Threat Response (MTR) teams. And these, the study reveals, are significantly influenced, for example, by the effects that companies and IT teams experience as part of ransomware attacks.
Recruiting IT specialists remains a challenge
Another aim of the study, in which 5000 IT managers from 26 countries around the world took part, was to gain an insight into the state of cybersecurity skills and resources around the world. It has been shown, for example, that recruiting IT specialists is a challenge worldwide, that companies are increasingly relying on a combination of technology and human IT security expertise, and that they are also bringing in more IT security expertise from outside. IT managers who have been confronted with ransomware often lose their professional self-confidence.
Human expertise is essential for IT security
Even if attacks are often automated, there is a cyber criminal behind every cyber threat. Today's sophisticated attacks often combine the latest technology with practical live hacking. Protection against these human-led attacks also requires well-founded human expertise on the other side. According to the study, companies that have become victims of ransomware in particular have learned how important it is to have qualified security experts. Over a third (35 percent) of ransomware victims said that recruiting and retaining skilled IT security professionals was their biggest cybersecurity challenge. For companies that have not yet been affected, this value was only 19 percent.
In Germany, when it comes to security specialists, people are generally a little more relaxed: only 19 percent of those surveyed described the search for qualified security specialists as the greatest challenge.
Feeling behind: ransomware and its psychological consequences
A ransomware experience also has psychological consequences. Surviving a ransomware infection affects in particular the professional self-confidence of IT managers and their approaches to combating cyber attacks. The study shows that IT managers in organizations that have been affected by ransomware are three times more likely to be of the opinion that they are dramatically behind when it comes to cyber threats (17 percent), compared to only six percent of their IT colleagues in companies that have so far been unaffected. An interesting value here is the one for Germany, which indicates generally good self-confidence among IT managers: regardless of whether or not they have been affected by ransomware, no more than 10 percent of respondents in this country feel that they are lagging behind the development of cybercrime.
Once affected, the priorities change
Not only have the victims of ransomware attacks understood the importance of human-guided threat search and defense, they are also ready to act: 43 percent of ransomware victims plan to set up their IT security accordingly within six months. 33 percent of companies that have not yet been victims aim to do so.
An interesting study result can also be seen when looking at the focus within security. According to the study, ransomware victims spend proportionally less time on threat prevention (42.6 percent) and more time on response (27 percent) than those who were not hit (49 percent and 22 percent respectively). This ties up more resources to deal with incidents instead of stopping them in the first place. The average distribution of priorities in German companies is just under 47 percent for prevention and a little less than 23 percent for response.
Attackers with ransomware continue to develop their tactics, techniques and procedures
“The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. But it could also indicate that given the complex, multi-stage nature of advanced attacks, they are more vigilant and therefore investing more resources in detecting and responding to the telltale signs of an imminent attack,” said Chester Wisniewski, principal research scientist at Sophos. “The fact that the criminals behind ransomware are constantly evolving their tactics, techniques and procedures (TTPs) definitely adds to the pressure on IT security teams.” Wisniewski also quotes the SophosLabs Uncut article “Inside a New Ryuk Ransomware Attack”, which shows this.
Background data on the survey
The study "Cybersecurity: The Human Challenge" was carried out by Vanson Bourne, an independent specialist in market research. The survey interviewed 5,000 IT decision makers in 26 countries: USA, Canada, Brazil, Colombia, Mexico, France, Germany, Great Britain, Italy, Netherlands, Belgium, Spain, Sweden, Poland, Czech Republic, Turkey, India, Nigeria, South Africa, Australia, China, Japan, Singapore, Malaysia, the Philippines and the United Arab Emirates. All respondents came from organizations with 100 to 5,000 employees.
More about the study at Sophos.com
About Sophos
More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our own worldwide network of analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.