OpenText: Supply Chain Attacks Rising, Companies Paying Ransoms
Ransomware as a business is booming.
A new OpenText Cybersecurity survey shows supply chain attacks surging and ransom payments continuing despite improved defenses.
OpenText Cybersecurity's 2024 Global Ransomware Survey reveals the current state of ransomware attacks, including ransom payments, the impact of software supply chain attacks and generative AI. OpenText Cybersecurity polled nearly 1,800 C-level executives, security professionals, and security and technical directors from SMBs and enterprises in the United States, the United Kingdom, Australia, France, Germany and India.
Key findings from the OpenText Cybersecurity survey include:
Sixty-two percent of respondents have been impacted by a ransomware attack originating from a software supply chain partner in the past year.
Nearly one-half of respondents (48%) reported their company has previously experienced a ransomware attack, with almost three-quarters (73%) of companies experiencing a ransomware attack this year.
Among those who experienced a ransomware attack in the past year, about half (46%) paid the ransom, with 31% of those payments ranging between $1 million and $5 million.
Nearly half (45%) of respondents observed an increase in phishing attacks due to the widespread use of AI.
Over three-quarters (76%) of SMBs reported experiencing a ransomware attack in the past year, while 70% of large enterprises reported the same.
Other OpenText Cybersecurity Findings
Businesses face a continuing struggle to stay ahead of evolving ransomware threats and the rising cost of attacks, according to OpenText Cybersecurity.
Asked whether recent breaches at key industry vendors such as Change Healthcare, Ascension and CDK Global, which caused sector-specific outages and losses, made them more concerned about being impacted by a supply chain attack, almost half of respondents (49%) said they are more concerned, enough to consider making vendor changes.
Organizations, including SMBs, continue to invest more in cloud security, and security awareness and phishing training, according to the OpenText Cybersecurity survey.
Grayson Milbourne, security intelligence director at OpenText Cybersecurity, said it was surprising to see the percentage of companies impacted by a ransomware attack that paid ransoms.
“These findings are strong indicators that ransomware as a business is continuing to boom, and organizations of all sizes, from SMBs to large enterprises, need to be prepared to defend themselves,” he said.
Downstream Ransomware Attacks Draw Fear
The survey found 91% of respondents are concerned about ransomware attacks on their company’s downstream software supply chain, third-party and connected partners.
“To help combat this concern, organizations need to evaluate the security of vendors throughout their supply chain,” Milbourne said. “When it comes to software, software bills of materials (SBOMs) are helping to rapidly identify the impact of a new vulnerability when it's discovered. It’s also important to evaluate dependencies within the supply chain that can help identify risk and enable organizations to take proactive security and resilience measures. Supply chain disruptions aren’t always cybersecurity related, as we’ve seen with recent natural disasters such as hurricanes and port strikes across the United States, making resilience to withstand these types of risks especially important as well.”
The survey shows resilience to ransomware attacks is improving among partners and customers, he said.
“As awareness and regulation around ransomware threats grow, there is a great opportunity for partners to address their customers’ cybersecurity needs,” Milbourne said. “Over half (56%) of companies outsource security to an IT or managed services provider now.”
In the months ahead, OpenText Cybersecurity expects continued and increased activity in the ransomware ecosystem, including ransomware as a service (RaaS) attacks, he said.
“AI continues to lower the bar for entry into cybercrime and the penalties for participation don’t discourage new participants,” Milbourne said. “The cost of a ransomware breach will also continue to rise as it has year over year since ransomware went mainstream over a decade ago.”