The ransomware trend continues to run rampant. One in four breaches involves ransomware, and organized crime actors use ransomware in more than 62 percent of incidents. Cyber criminals are taking advantage of these new opportunities to exploit a greatly expanded attack surface:
- Ransomware attacks doubled in 2021, then spiked again in the first half of 2022.
- The overall cost of recovering from a ransomware incident is trending upwards.
- On average, businesses experience 20 days of downtime from ransomware.
- One in four consumers will abandon a product or service after a ransomware-related disruption.
- From May 2021–June 2022, ransomware groups took credit for 3,640 incidents on their webpages.
But ransomware is only one small piece of what a security leader has to manage. The threat of ransomware is compounded by a distributed workforce, trends toward technology consolidation, geopolitical upheaval, and budget constraints. Cyber criminals take advantage of vulnerabilities, stolen credentials, phishing, malicious code on web pages, and social engineering to steal a company’s information and sell it back to them.
A CISO or cyber risk leader needs the right data to gain insight into where the organization is most exposed or most at risk of an attack. Over the course of two and a half years, Bitsight’s research team analyzed hundreds of ransomware events to estimate the relative probability that an organization will experience a ransomware event. Four key areas bubbled to the top.
Key takeaways from Bitsight's ransomware research
While no organization is immune from determined cyber criminals, there are best practices for minimizing the likelihood of experiencing a successful ransomware attack. Chief among them is a relentless focus on cyber hygiene—a set of essential practices and tasks a company uses to keep systems, data, and users secure every day. Good cyber hygiene significantly lowers the chance of cyber incidents.
Bitsight’s analysis looked back over five six-month periods, benchmarked against companies with a high Bitsight Security Rating for security effectiveness. At a high level, the data shows:
- The lower an organization's Rating, the more likely it is to become a ransomware target. For example, an organization with a Rating lower than 600 is 6.4 times more likely to be successfully targeted by ransomware than one with a 750 Rating.
- Poor patching cadence correlates to a nearly sevenfold increase in ransomware risk for companies with a C grade or lower.
- Companies with a C grade or lower in TLS/SSL Configurations are nearly four times more likely to be a ransomware target.
- Companies with a C grade or lower in TLS/SSL Certificates are roughly three times more at risk of a ransomware incident.
Bitsight continuously and non-intrusively assesses organizational cybersecurity performance by evaluating security observations across 23 different risk categories. Bitsight processes more than 250 billion security measurements daily to produce an objective Security Rating that has been independently verified to correlate with the risk of an incident.
Letter grades provide a quick way to understand how a company is performing in each risk type, as well as a meaningful way to compare one company's performance in a risk type against another's. They are directly tied to how well a company performs relative to all companies in the Bitsight inventory:
- Grade A is the top 10% of companies.
- Grade B is the top 30% of companies.
- Grade C is the top 60% of companies.
- Grade D is the bottom 40% of companies.
- Grade F is the bottom 20% of companies.
Figure 1: Risk Based on Patching Cadence Grade. Poor patching performance correlates to a nearly sevenfold increase in ransomware risk for companies with a C grade or lower.
Figure 2: Risk Based on TLS/SSL Certificates Grade. Companies with a C grade or lower in TLS/SSL Certificates are roughly three times more at risk of a ransomware incident.
Figure 3: Risk Based on TLS/SSL Configurations Grade. Companies with a C grade or lower in TLS/SSL Configurations are nearly four times more likely to be a ransomware target.
Cyber hygiene matters.
It's unlikely that a lapsed TLS/SSL certificate or a missed patch would be the singular, direct cause of a successful ransomware attack. But it does indicate that the cybersecurity program has poor cyber hygiene and may have gaps in vulnerability management, a challenge with shadow IT, or weak program management, all of which increase cyber risk. A program with good cyber hygiene and high maturity will effectively address concerns like patch, vulnerability, and configuration management. While the Rating and risk vectors offer specific evidence, reducing ransomware risk will come from an overall improvement in cyber practices.
Companies that demonstrate strong cyber health have a lower risk of successful ransomware and other cyber attacks, which brings a range of benefits:
- Preventing catastrophic outcomes, such as financial losses and business downtime
- Instilling stronger brand reputation and trust with partners, vendors, and customers
- Increasing the chance of gaining cyber insurance coverage and better premiums
Interested in seeing how effective you are at preventing the risk of ransomware? Get your organization’s Bitsight Security Rating and see how your security compares to industry benchmarks or explore more details about our ransomware research.