Ransomware and Terrorism: For Security Pros the Threat is Equal

Venafi announced the findings of a global survey of more than 1,500 IT security decision makers, which reveals that 60% of security professionals believe ransomware threats should be prioritized at the same level as terrorism.

These opinions echo the U.S. Department of Justice, which raised the threat level of ransomware following the Colonial Pipeline attack earlier this year. The study also found that less than one-third of respondents have implemented basic security controls that break the ransomware kill chain.

Other key findings

  • 67% of respondents from organizations with more than 500 employees experienced a ransomware attack in the last 12 months; this figure rises to 80% for respondents from organizations with 3,000-4,999 employees.
  • 37% of respondents would pay the ransom but 57% would reverse that decision if they had to publicly report the payment, as required by the Ransomware Disclosure Act, a U.S. Senate bill that would require companies to report ransomware payments within 48 hours.
  • Despite the rising number of ransomware attacks, 77% say they are confident the tools they have in place will protect them from ransomware attacks. Australian IT decision makers have the most confidence in their tools (88%), compared with 71% in the U.S. and 70% in Germany.
  • Twenty-two percent believe paying a ransom to be “morally wrong.”
  • Seventeen percent of those breached admitted they paid the ransom, with U.S. respondents paying most often (25%) and Australian companies paying least often (9%).

Many rely on traditional security controls to tackle ransomware threats

“The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know; these attacks are indiscriminate, debilitating and embarrassing,” said Kevin Bocek, VP ecosystem and threat intelligence at Venafi.

“Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks. Too many organizations say they rely on traditional security controls like VPNs and vulnerability scanning instead of modern security controls, like code signing, that are built-in to security and development processes.”

The study shows that most organizations are not using security controls that break the ransomware kill chain early in the attack cycle. Many ransomware attacks begin with phishing emails that carry a malicious attachment, yet only 21% restrict the execution of all macros within Microsoft Office documents.

18% of companies restrict the use of PowerShell using group policy, and only 28% require all software to be digitally signed by their organization before employees are allowed to execute it.


Source: https://www.helpnetsecurity.com/2021/12/30/ransomware-threats-prioritized/

