Email Security

    Ransomware's Relentless Rise Strains Security Teams  

    Mimecast’s latest survey shows ransomware has continued to grow in 2022, contributing to burnout and resignations in the security profession.

    by Kiri Addison
    101BLOG_1.jpg

    Key Points

    • Ransomware is outpacing efforts to stop it.
    • The growing sophistication and sheer number of attacks have taken a heavy toll on security teams.
    • New Mimecast research on ransomware reveals the depth of security teams’ predicament.

    Ransomware gangs have been plundering businesses around the world at an accelerating pace in the past 12 months, according to a new survey, pushing some cybersecurity professionals to the breaking point.

    Nearly half of companies represented in Mimecast’s State of Ransomware survey (conducted in July) have experienced more ransomware attacks in 2022 than 2021. About one-third battled the same volume of attacks as before.

    Of the many consequences of this state of siege, the cybersecurity professionals we surveyed recounted a steep human toll, including everything from burnout and absenteeism to staff defections and decreased confidence in their organizations’ ability to fend off attacks. Fully one-third said they were thinking of leaving their role within the next two years due to the stress.

    Some clear patterns emerged in the survey, which included respondents working in companies of various sizes, industries, and nationalities. A common refrain was that cybersecurity professionals felt they lacked sufficient funds to staff up and equip themselves — even as seven in 10 expected a continuing escalation of all types of cyber risk over the coming two years. Below, we break down the report’s findings about ransomware and its human impact.

    Ransomware Attacks from All Angles

    More than three-quarters of survey respondents had experienced one or more ransomware attacks in the past year, of which about 20% reported five or more. Ransomware came at companies from every angle over the past twelve months, including:

    • Phishing emails with ransomware attachments: 53%.
    • Phishing emails leading to drive-by downloads: 43%.
    • Supply chain attacks: 40%.
    • Compromised credentials: 40%.
    • Abuse of the remote desktop protocol: 35%.

    Defenses Improve, But Still Fall Short

    Companies are not defenseless against cyber-extortionists, but many feel they are operating with insufficient resources — and with weak safety nets. Here’s the picture survey respondents painted:

    • Cybersecurity teams are doing many of the right things. Roughly half of respondents were already taking one or more of the following steps: backing up files, regularly patching systems, requiring multi-factor authentication, scanning emails for malicious links and training employees to understand how cybercriminals use email to plant ransomware. In these and other ways, eight in 10 security professionals said that this year, they are better prepared to fend off ransomware than in previous years.
    • But budgets are falling short. Despite feeling better prepared, nine in 10 said they need more funding to combat ransomware — to be precise, an average budget increase of 28%. Their top three requirements: updated security systems, better security awareness training for employees, and entirely new security systems (across categories including web security, endpoint protection, file backup/recovery, VPNs, and secure email gateways). And for half of the survey’s participants, our analysis showed that a single ransomware attack could deplete 20% of their current annual cybersecurity budget.
    • Siloed systems thwart effectiveness. Today, the cutting-edge approach to making lean security teams more efficient and effective is to integrate the growing number of point security solutions and endpoints. However, our survey revealed that only about one-quarter of security professionals had integrated detection capabilities and orchestrated responses.
    • Insurance coverage is uncertain. The number of companies that believed they could rely on their cyber insurance provider to cover ransomware payments was down by 15% this year.  That’s not surprising, with many insurance companies reconsidering payouts and excluding some forms of ransomware attacks from their coverage.

    The pressures surfaced by our research are part of a bigger picture. In the midst of a skills shortage in the security profession worldwide, security teams were significantly short of staff at one-third of companies that responded to Mimecast’s separate State of Email Security 2022 survey. This and other factors can create a sense of inevitability around ransomware, as well as a tendency for security teams to focus more on file backups and other mitigation measures instead of proactive detection and prevention. However, such a defensive approach can result in an over-reliance on their ability to respond to attacks and expose them to more attacks.

    Ransomware Impacts Business and Personnel

    For ransomware victims, the stakes are high. Of those organizations attacked by cyber-extortionists, 40% suffered significant downtime. Over one-third lost revenue, up from over one-quarter the previous year. Other impacts included legal challenges, C-suite firings, and reputational damage. But the ongoing threat of ransomware arguably inflicts even more harm on the personnel tasked with protecting their companies. These human costs include:

    • Waning confidence: Confidence that security teams can maintain essential email continuity with no disruption following a ransomware attack, for example, has dropped.
    • Mounting stress: Over half (56%) of respondents said their work stress increases every year.
    • Mental health: About the same number (54%) reported a negative impact on their mental health.
    • Absenteeism: One-third said that their teams have experienced an increased number of employee absences following an attack.
    • Staffing issues: About one-third also have trouble recruiting essential IT staff after an attack.
    • Resignations: One-third of respondents are thinking of resigning within the next two years due to stress and burnout.

    “Businesses can become more vulnerable to more attacks after one has taken place, not least due to the stress, burnout, and recruitment issues experienced by teams in the wake of an incident,” Mimecast’s State of Ransomware report concluded. “To avoid this cycle, it’s critical to have fundamental measures in place, like robust email security and employee training, supported by a large enough budget. Integration of security systems is another powerful way of alleviating some of the pressures busy teams experience.”

    The Bottom Line

    Too many security teams have seen their ranks suffer and even thin out as the wave of ransomware continues to sweep over business and society. Read Mimecast’s latest research to learn more about the problem and what can be done.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top