TelecomTV TelecomTV
  • News
  • Videos
  • Channels
  • Events
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research and Innovation
  • Security
  • More Topics
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • |
  • About
  • Contact
  • |
  • Connect with us
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research & Innovation
  • Security
  • Connect with TelecomTV
  • About
  • Privacy
  • Help
  • Contact
  • Sign In Register Subscribe
    • Subscribe
    • Sign In
    • Register
  • Search

Security

Security

Majority of organisations pay ransom money to cybercriminals to get their data and systems back

Martyn Warwick
By Martyn Warwick

Apr 7, 2022

© Flickr / cc licence / Visual Content

© Flickr / cc licence / Visual Content

  • In 2021, 71 per cent of organisations surveyed by CyberEdge Group suffered a successful cyberattack
  • Many enterprises say it’s cheaper to pay blackmailers and keep the show on the road rather than spend big on countermeasures
  • This despite attackers coming back again and again to drink from the same well
  • Cyber-security: always a priority, but too often for “next year”

A new piece of research shows that, over the course of 2021, 63 per cent of enterprises and organisations subject to a ransomware attack paid the extortioners – even as governments, national authorities and solutions vendors pressured victims to strengthen and update their often outmoded and insufficient cybersecurity provisions. Many of these systems are so far behind the times that they are frequently hit a second or even a third time by the same cybercriminals who, having been paid off and escaping scot-free the first time around, come back to do it all again – and again.

The Cyberthreat Defence Report 2022, from the CyberEdge Group, the Annapolis, Maryland-based research-and-analysis company that specialises in covering and supporting service providers and cybersecurity vendors, shows that, last year, 71 per cent of the organisations (of all types) that it surveyed suffered some form of a successful cyberattack. The incidence has risen by 16 per cent over the last couple of years and ransomware incursions are now a persistent and spreading blight across the global telecoms, service provider and IT community, costing huge sums, in terms of both hard cash paid and other resources dedicated to getting systems and software up and working again.

Steve Piper, the founder and CEO of CyberEdge, comments: “These days, being victimised by ransomware is more of a question of ‘when’ than ‘if’. Deciding whether to pay a ransom is not easy. But if you plan ahead and plan carefully, that decision can be made well in advance of a ransomware attack. At the very least, a decision framework should be in place so precious time isn’t wasted as the ransom payment deadline approaches.”

That sounds self-evident and obvious but far too many enterprises continue to stick their heads in the sand and just hope that they won’t be targeted or won’t suffer too badly if (when) they are in the majority of those that are hit simply pay-up and carry-on. A lot of lip service is paid to doing something about strengthening cyberdefences but intentions to do something to ameliorate the potential of more attacks often fade as things get back to normal and the financial costs are written through and off the balance sheets. It’s the same with those that haven’t been attacked where concentrating on the daily routine of an organisation continues to take precedence over precautionary planning. As the proverb has it: “the road to hell is paved with good intentions”.

The CyberEdge report shows there are three reasons why organisations pay ransoms: the threat that the extortionists will expose and publicise the data they have stolen, the fact that it can be cheaper to pay the blackmailers than spend on providing proper cybersecurity defences, (at best a short-sighted decision given that attacks can be repeated and at worst just straightforward stupidity) and an increasing (put frequently misplaced) belief that it is getting easier to recover stolen data.

Short of skills, long on training time 

The report also states that few organisations have the necessary (or even any) skilled cybersecurity defence experts working for them and that, from management down, there is a distinct, continuing and very limited awareness of cybersecurity as a huge problem that is getting worse and worse. What’s more, as a result of Covid-19, many enterprises are now more or less permanently short-staffed and those cyberspecialists that are still in-post are under extreme pressure that never lets up. As a result, many are resigning, taking their experience with them when they go, while recruiting and training new staff is a slow and expensive process. It takes months to train people in cybersecurity protocols and defence strategies and not many people are coming forward to take on the intensity and responsibility of completing the training or later applying it in an organisational environment.

CyberEdge says the actions to take to minimise the possibilities of a debilitating and (literally) extortionate ransomware attack are straightforward enough but require a willingness to accept that cash and resources need to be spent now, while successful prevention of later cyberattacks is difficult to prove. That said, systems should always provide detailed logs of any and all attempted incursions and show the defences that were employed to combat them, how then firewalls stood up to the attacks and have the ability to produce advanced security analytics.

Just last month in the UK, the Department for Digital Culture, Media and Sport (DCMS) revealed that at least 50 per cent of UK organisations are suffering from a shortfall in cyber-skilled staff. It’s much the same throughout Europe and North America, and it’s a problem that’s going to take significant time to solve.

Related Topics
  • Analysis & Opinion,
  • News,
  • Security

More Like This

Security

Telefónica Tech and Adwatch apply Blockchain against digital ad fraud

Feb 6, 2023

Security

Most internet users fall foul of phishing attacks every month – report

Feb 6, 2023

The Great Telco Debate

The Great Telco Debate 2022 highlights

Feb 3, 2023

Security

BT Group to recruit more than 400 apprentices and graduates

Jan 27, 2023

Security

EE secures latest partnership on its mission to eradicate scam calls

Jan 26, 2023

Email Newsletters

Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.

Subscribe

Top Picks

Highlights of our content from across TelecomTV today

0:46

The Cloud Native Telco Summit returns this September!

8:32

Azita Arvani on Being a Female Leader at Rakuten Symphony

16:19

AT&T Amy Zwarico on securing telco applications in the public cloud

1:44

Join us for the greatest industry debate of the year!

TelecomTV
Company
  • About Us
  • Media Kit
  • Contact Us
Our Brands
  • DSP Leaders World Forum
  • Great Telco Debate
  • TelecomTV Events
Get In Touch
[email protected]
+44 (0) 207 448 1070
Connect With Us
  • Privacy
  • Cookies
  • Terms of Use
  • Legal Notices
  • Help

TelecomTV is produced by the team at Decisive Media.

© Decisive Media Limited 2023. All rights reserved. All brands and products are the trademarks of their respective holder(s).