While companies improve defenses, almost half
of respondents still suffer ransomware attacks and the resulting
ransom payments only perpetuate the cycle of
vulnerability
WATERLOO, ON, Oct. 10,
2024 /CNW/ -- OpenText™ (NASDAQ: OTEX), (TSX: OTEX)
today released its third annual 2024 Global Ransomware Survey,
which reveals the current state of ransomware attacks, including
ransom payments, the impact of software supply chain attacks and
generative AI. The report found that supply chain attacks are
widespread with 62% of respondents having been impacted by a
ransomware attack originating from a software supply chain partner
in the past year.
With well-funded cybercriminals increasingly targeting software
supply chains and harnessing generative AI to increase phishing
attempts, businesses face a persistent struggle to stay ahead of
evolving ransomware threats and the rising cost of attacks.
Verizon's 2024 Data Breach Investigations Report shows that
the median loss associated with the combination of ransomware and
other extortion breaches has been $46,000, ranging between $3 and $1,141,467
for 95% of cases.
"SMBs and enterprises are stepping up their efforts against
ransomware, from assessing software suppliers to implementing cloud
solutions and boosting employee education. However, the increase in
organizations paying the ransom only emboldens cybercriminals,
fueling more relentless attacks," said Muhi Majzoub, executive vice
president and chief product officer, OpenText. "Businesses must
proactively defend against sophisticated threats like supply chain
vulnerabilities and AI-driven attacks, while ensuring resilience
through data backups and response plans, to avoid empowering the
very criminals seeking to exploit them."
Key survey findings include:
- Respondents are overwhelmingly concerned about supply chain
attacks. Those who reported a ransomware attack this year were more
likely to report that it came from their supply chain.
- Forty percent of respondents have been impacted or don't know
by a ransomware attack originating from a software supply chain
partner.
- Of the respondents who experienced a ransomware attack in the
past year, 62% have been impacted by a ransomware attack
originating from a software supply chain partner and 90% are
planning to increase collaboration with software suppliers to
improve security practices in the next year.
- A majority (91%) of respondents are concerned about ransomware
attacks on a company's downstream software supply chain,
third-party and connected partners.
- When asked if recent breaches by key industry vendors like
Change Healthcare, Ascension and CDK Global that caused
sector-specific outages and losses made them more concerned about
being impacted by a supply chain attack, almost half (49%) are more
concerned – enough to consider making vendor changes.
- Almost three-quarters of respondents (74%), including those who
have experienced a ransomware attack in the past year, have a
formal process for assessing the cybersecurity practices of your
software suppliers. A surprising 26% do not or don't know.
- Almost three-quarters of companies have experienced a
ransomware attack this year, with more SMBs than large enterprises
having experienced an attack.
- Of the 48% of respondents who have experienced a ransomware
attack, 73% have experienced a ransomware attack in the last year,
only a quarter have not (25%) and 2% don't know.
- More SMBs vs. large enterprises have experienced a ransomware
attack. Over three-quarters (76%) of SMBs reported experiencing a
ransomware attack in the past year while 70% of large enterprises
reported experiencing a ransomware attack in the past year.
- Of those who experienced a ransomware attack in the past year,
a little less than half (46%) paid the ransom. 31% of their ransom
payments were between $1 million and
$5 million. At the same time, almost
all (97%) successfully restored their organization's data. Only 3%
did not.
- Respondents experienced more phishing attacks due to the
increased use of AI, especially among those who have experienced a
ransomware attack.
- More than half (55%) of respondents said their company is more
at risk of suffering a ransomware attack because of the increased
use of AI among threat actors.
- Almost half (45%) of respondents have observed an increase in
phishing attacks due to the increased use of AI. Of those who
experienced a ransomware attack, 69% have observed an increase in
phishing attacks due to the increased AI usage.
- Organizations, including SMBs, continue to invest more in cloud
security and security awareness and phishing training.
- Cloud security is the cybersecurity area that respondents say
their companies are investing in most (66%).
- In 2024, 62% of SMB respondents are investing more in cloud
security. In contrast, in 2023, 56% were investing more in cloud
security. In 2022, only 39% of SMB respondents were using cloud
security solutions.
- A majority (91%) of respondents said their companies require
employees to participate in security awareness or phishing
training. Only 9% do not. In 2024, 66% conducted at least a
quarterly training.
- Compared to 2023 and 2022, organizations are requiring
employees to participate in security awareness training more
frequently. In 2023, only 39% conducted training once per quarter.
In 2022, only 24% of SMBs conducted security awareness training
once per quarter.
To learn more about the findings, view the infographic or visit
our blog.
Survey Methodology
OpenText Cybersecurity polled 1,781
c-level executives, security professionals and security and
technical directors from SMBs and enterprises in the United States, the United Kingdom, Australia, France, Germany and India from August 23 to
September 10, 2024. Respondents represented multiple
industries including technology, financial services, retail,
manufacturing, healthcare, education and more.
About OpenText Cybersecurity
OpenText Cybersecurity
provides comprehensive security solutions for companies and
partners of all sizes. From prevention, detection and response to
recovery, investigation and compliance, our unified/end-to-end
platform helps customers build cyber resilience via a holistic
security portfolio. Powered by actionable insights from our
real-time and contextual threat intelligence, OpenText
Cybersecurity customers benefit from high efficacy products, a
compliant experience and simplified security to help manage
business risk.
About OpenText
OpenText™ is the leading Information
Management software and services company in the world. We help
organizations solve complex global problems with a comprehensive
suite of Business Clouds, Business AI, and Business
Technology. For more information about OpenText (NASDAQ/TSX:
OTEX), please visit us at www.opentext.com.
Connect with us:
OpenText CEO Mark Barrenechea's blog
Twitter | LinkedIn
Certain statements in this press release may contain words
considered forward-looking statements or information under
applicable securities laws. These statements are based on
OpenText's current expectations, estimates, forecasts and
projections about the operating environment, economies, and markets
in which the company operates. These statements are subject to
important assumptions, risks and uncertainties that are difficult
to predict, and the actual outcome may be materially different.
OpenText's assumptions, although considered reasonable by the
company at the date of this press release, may prove to be
inaccurate and consequently its actual results could differ
materially from the expectations set out herein. For additional
information with respect to risks and other factors which could
occur, see OpenText's Annual Report on Form 10-K, Quarterly Reports
on Form 10-Q and other securities filings with the SEC and other
securities regulators. Readers are cautioned not to place undue
reliance upon any such forward-looking statements, which speak only
as of the date made. Unless otherwise required by applicable
securities laws, OpenText disclaims any intention or obligations to
update or revise any forward-looking statements, whether as a
result of new information, future events or otherwise. Further,
readers should note that we may announce information using our
website, press releases, securities law filings, public conference
calls, webcasts and the social media channels identified on the
Investors section of our website (https://investors.opentext.com).
Such social media channels may include the Company's or our CEO's
blog, Twitter account or LinkedIn account. The information posted
through such channels may be material. Accordingly, readers should
monitor such channels in addition to our other forms of
communication.
Copyright © 2024 OpenText. All Rights Reserved. Trademarks owned
by OpenText. One or more patents may cover this product(s). For
more information, please
visit https://www.opentext.com/patents.
OTEX-G
View original content to download
multimedia:https://www.prnewswire.com/news-releases/opentext-cybersecuritys-2024-ransomware-survey-supply-chain-attacks-surge-ransom-payments-persist-302272292.html
SOURCE Open Text Corporation