Ransomware has remained a persistent and highly pervasive threat for organisations across the globe with India being the worst hit in the Asia Pacific region, according to a report by cybersecurity firm CrowdStrike, Inc.
India has been the worst hit by ransomware in the APAC region, with 76 per cent having suffered a ransomware attack this year, as compared to 61 per cent in Japan, 64 per cent in Singapore and 67 per cent in Australia.
Further, 26 per cent of Indian respondents shared that they have paid between $1 million – $2.5 million as a result of the ransomware attacks in the last 12 months as compared to 25 per cent in Japan, 14 per cent in Singapore and 42 per cent in Australia.
Additionally, 27 per cent of Indian respondents said that they have paid between $500,000 – $1 million as extortion fees on top of ransomware as compared to 33 per cent in Japan, 29 per cent in Singapore and 19 per cent in Australia.
Globally as per the survey, the average ransomware payout has increased 62.7 per cent in 2021 (from $1.1 million in 2020 to $1.79 million in 2021).
The average ransomware payment was $1.34 million in EMEA and $2.35 million in APAC and $1.55 million in the United States.
It was further observed that the average ransom demand from attackers is $6 million.
“While attackers aren’t getting quite the amounts they are seeking, they are still earning massive payouts. CrowdStrike attributes this to companies understanding both the threat and their exposure, and their ability to negotiate with attackers,” the report said.
Further, “organisations are almost universally getting hit with ‘double extortion,’ when threat actors not only demand a ransom to decrypt data, they additionally threaten to leak or sell the data unless the victims pay more money,” the report said.
The survey showed that 96 per cent of organisations that paid a ransom were forced to pay additional extortion fees, costing businesses on average $792,493. Additionally, 66 per cent of respondents’ organisations suffered at least one ransomware attack in the past 12 months.
In terms of security, 45 per cent of Indian organisations felt that a lack of accurate threat intelligence was a prime barrier against establishing a better security posture against ransomware attacks. This is compared to 36 per cent in Japan, 55 per cent in Singapore and 39 per cent in Australia.
In India, 58 per cent of respondents further said that they feel most threatened by cyberattacks originating from China followed by Pakistan (47 per cent).
China has been a common threat across regions with 76 per cent in Japan, 66 per cent in Singapore and 53 per cent in Australia, the report further added.
For 88 per cent of respondents, cyberattacks sponsored by Russia and China “pose a clear and present danger to organisations in India” as compared to 87 per cent in Japan, 86 per cent in Singapore and 78 per cent in Australia.
86 per cent of Indian respondents also highlighted the threat of nation-state attacks that are on the rise. 76 per cent of respondents believe that the Indian government is taking the necessary action against threat actors to create a safe environment for organisations to operate as compared to 50 per cent in Japan, 62 per cent in Singapore and 61 per cent in Australia.
The report also focused on organisations’ ability to detect threats. 36 per cent of Indian respondents feel they are capable of detecting a cyber-attack within one hour compared to 24 per cent in Japan, 33 per cent in Singapore and 36 per cent in Australia.
The primary reason cited for Indian organisations not being able to detect incursions was infrastructure. 62 per cent of respondents said that their security infrastructure is made up of too many disparate solutions that don’t easily integrate for proper protection and prevention compared to 47 per cent in Japan, 49 per cent in Singapore and 51 per cent in Australia.
Other concerns for Indian organisations included lack of resources in the cybersecurity department (46 per cent) and challenges of legacy infrastructure (46 per cent).
Software supply chain attacks
The report also focused on software supply chain attacks that have caused significant issues for organisations in recent years and will likely continue to do so in the future.
56 per cent of Indian organisations have experienced a software supply chain attack as compared to 41 per cent in Japan, 36 per cent in Singapore and 49 per cent in Australia.
However, 60 per cent of organisations had a comprehensive strategy in place when their organisation suffered its first software supply chain attack as compared to 20 per cent in Japan, 39 per cent in Singapore and 48 per cent in Australia.
Over the next 12 months, Indian organisations are also planning to invest in technologies such as behavioural analytics (36 per cent), threat intelligence (35 per cent) and blockchain technology (35 per cent) to better protect against software supply chain attacks.
“Further, 80 per cent of Indian organisations said that their vetting process has become more rigorous and more detailed checks are needed in the wake of recent high profile software supply chain attacks such as SolarWinds and/or Sunburst,” as per the report.
However, 72 per cent of Indian respondents said that they have total confidence in their organisation’s supply chain security.
Additionally, 66 per cent of Indian organisations are losing trust in legacy IT vendors due to such attacks.
“The survey presents an alarming picture of the modern threat landscape, demonstrating that adversaries continue to exploit organisations around the world and circumvent outdated technologies. Today’s threat environment is costing businesses around the world millions of dollars and causing additional fallout,” said Michael Sentonas, chief technology officer at CrowdStrike.
“The evolving remote workplace is surely accentuating challenges for businesses as legacy software like Microsoft struggles to keep up in today’s accelerated digital world. This presents a clear clarion call that businesses need to change the way they operate and evaluate more stringently the suppliers they work with,” added Sentonas.
“The threat landscape continues to evolve at a frightening pace and it’s obvious that modern organisations need a cloud-native, holistic end-to-end platform approach to tackle and remediate threats in a swift manner,” Sentonas further added.
The cybersecurity firm further encouraged organisations to strive to meet the 1-10-60 rule. As per this rule, “security teams demonstrate the ability to detect threats within the first minute of an intrusion, investigate and understand the threat within 10 minutes, and contain and eradicate the threat within 60 minutes,” it explained.
CrowdStrike commissioned independent technology market research specialist Vanson Bourne to undertake the quantitative research upon which this whitepaper is based. A total of 2,200 senior IT decision makers and IT security professionals were interviewed during September, October, and November 2021, with representation across the US, EMEA and APAC regions.