TechNews
Sophos Survey Shows Increase in Ransomware Attacks on Education Institutions
Education Sector Suffers Highest Data Encryption Rate and Longest Recovery Time


Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, The State of Ransomware in Education 2022.
The findings reveal that education institutions – both higher and lower education – are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared to 44% in 2020.
Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors (4%).
Other key findings include:
- Education institutions report the highest propensity to experience operational and commercial impacts from ransomware attacks compared to other sectors; 97% of higher education and 94% of lower education respondents say attacks impacted their ability to operate, while 96% of higher education and 92% of lower education respondents in the private sector further report business and revenue loss
- Only 2% of education institutions recovered all of their encrypted data after paying a ransom (down from 4% in 2020); schools, on average, were able to recover 62% of encrypted data after paying ransoms (down from 68% in 2020)
- Higher education institutions in particular report the longest ransomware recovery time; while 40% say it takes at least one month to recover (20% for other sectors), 9% report it takes three to six months
“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold,” said Chester Wisniewski, principal research scientist at Sophos. “Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimized schools with high recovery costs and sometimes even bankruptcy. Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible.”
Interestingly, education institutions report the highest rate of cyber insurance payout on ransomware claims (100% higher education, 99% lower education).
However, as a whole, the sector has one of the lowest rates of cyber insurance coverage against ransomware (78% compared to 83% for other sectors).
“Four out of 10 schools say fewer insurance providers are offering them coverage, while nearly half (49%) report that the level of cybersecurity they need to qualify for coverage has gone up,” said Wisniewski.
“Cyber insurance providers are becoming more selective when it comes to accepting customers, and education organizations need help to meet these higher standards. With limited budgets, schools should work closely with trusted security professionals to ensure that resources are being allocated toward the right solutions that will deliver the best security outcomes and also help meet insurance standards,” he added.
In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:
- Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organization’s needs
- Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
- Prepare for the worst, and have an updated plan in place for a worst-case incident scenario
- Make backups, and practice restoring from them to minimize disruption and recovery time
The State of Ransomware in Education 2022 survey polled 5,600 IT professionals, including 320 lower education respondents and 410 higher education respondents, in mid-sized organizations (100-5,000 employees) across 31 countries.
Data Encryption from Ransomware Reaches Highest Level in Four Years, Sophos’ Annual State of Ransomware Report Finds
Report by SANDRA ANI


- Paying the Ransom Doubles Recovery Costs
- Rate of Ransomware Attacks Remains Steady, with 66% of Organizations Surveyed Reporting They Were a Victim of Ransomware
Sophos, a global leader in innovating and delivering cybersecurity as a service, today released its annual “State of Ransomware 2023” report, which found that in 76% of ransomware attacks against surveyed organizations, adversaries succeeded in encrypting data. This is the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020.
The survey also shows that when organizations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organizations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organizations that used backups recovering within a week, compared to 39% of those that paid the ransom.
Overall, 66% of the organizations surveyed were attacked by ransomware—the same percentage as the previous year. This suggests that the rate of ransomware attacks has remained steady, despite any perceived reduction in attacks.
“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.
“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.


When analyzing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 36% of cases), followed by compromised credentials (involved in 29% of cases). This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.
Additional key findings from the report include:
- In 30% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplace
- The education sector reported the highest level of ransomware attacks, with 79% of higher education organizations surveyed and 80% of lower education organizations surveyed reporting that they were victims of ransomware
- Overall, 46% of organizations surveyed that had their data encrypted paid the ransom. However, larger organizations were far more likely to pay. In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments
“With two thirds of organizations reporting that they have been victimized by ransomware criminals for the second year in a row, we’ve likely reached a plateau. The key to lowering this number is to work to aggressively lower both time to detect and time to respond. Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months. Experienced analysts can recognize the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the third who stay safe and the two thirds who do not. Organizations must be on alert 24×7 to mount an effective defense these days,” said Wisniewski.


Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields with:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
- 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.
Sophos’ Industry-First Vendor-Agnostic MDR Service Grows Customer Base by 33% in First Six Months of Launching
Report by SANDRA ANI


- Sophos Adds Team of MDR Experts in Germany, Expanding Global Footprint of Security Operations Specialists
- Defenders Have Less Time to Defend; MDR Services Become Critical Cybersecurity Layer as Attacker Dwell Time Decreases, Says Sophos’ Annual Active Adversary Report
Sophos, a global leader in innovating and delivering cybersecurity as a service, has announced that its industry-first vendor-agnostic Managed Detection and Response (MDR) service has grown its customer base by 33% in the first six months since introducing the service’s ability to ingest and analyze telemetry from third-party security vendors. Already, Sophos is processing more than 150 million alerts from nearly 30 other security providers.
Sophos has also added a new team of MDR experts in Germany to service the increasing demand in the German and European markets, as well as to support the existing globally located MDR team that monitors and defends organizations 24/7/365.
The service now protects more than 16,000 organizations worldwide and has been doubling in size year-over-year as the industry’s most widely used MDR offering.
MDR services are fast becoming an essential cybersecurity layer as attackers refine their tactics, techniques and procedures (TTPs) to overwhelm defenders. This includes decreasing their dwell time, as evidenced in Sophos’ 2023 Active Adversary Report for Business Leaders, also announced today. Reduced dwell time indicates attackers are working faster to accomplish their end goal, whether it’s stealing data, deploying ransomware, spying, or perpetrating some other nefarious activity against a target. Consequently, defenders have less time to respond, from identifying the presence of attackers to neutralizing them. Analysis of incident response cases shows that median dwell times are dropping significantly – down to 10 days for the first time, and a day less for ransomware cases – and attacks are occurring continuously instead of during off business hours or over the weekend. Just as interesting, there’s no significant difference in dwell time among organizations of different sizes or sectors.
“The adoption of MDR is skyrocketing because organizations need 24×7 teams of experts to simply take over and handle cyberattacks that are executed in less time, change quickly and are more complex in nature. These factors put Sophos in the ideal position to further trailblaze the market,” said Rob Harrison, vice president of product management for security operations solutions at Sophos. “Since introducing our game-changing ability to ingest, collate and correlate other security vendors’ signals, we’ve already processed more than 150 million non-Sophos alerts from nearly 30 common providers. We’re leading the market in terms of volume, variety and time with unique MDR data from both Sophos and the other security providers. With this advantage of ingesting data from third-party sources, we have broader context, enabling us to make better decisions, defend faster and apply deeper knowledge to new and existing MDR customers.”
“The MDR market is gaining momentum as companies scramble to stay one step ahead of rapidly evolving attacks that continue to increase in number, sophistication and complexity while simultaneously trying to manage the cybersecurity talent skills shortage reality. Since its launch in October, Sophos MDR has mirrored that momentum as organizations look to realize secure outcomes and reduce their cybersecurity risk posture from their existing cybersecurity investments. The benefit of Sophos’s technology-agnostic managed service approach is that it meets customers where they are rather than requiring investment in new security tools to achieve an outcome,” said Frank Dickson, group vice president for IDC’s Security and Trust research practice.
Sophos MDR successfully reported malicious activity across all 10 MITRE ATT&CK steps in the first-ever independent MITRE Engenuity ATT&CK Evaluation for security service providers. Sophos MDR was evaluated with 15 vendors, excelling in its ability to detect sophisticated threats with speed and precision. Sophos was named the only Leader across the G2 Grid Reports for MDR, Extended Detection and Response (XDR) Platforms, Endpoint Detection and Response (EDR), Endpoint Protection Suites, and Firewall Software in the G2 Spring 2023 Reports. In the Managed Detection and Response (MDR) Services market on Gartner® Peer Insights®, Sophos MDR is the highest rated and most reviewed MDR service with a 4.8 rating across 296 reviews as of April 24, 2023.


Peter Oluka (@peterolukai), the Co-Founder of GrassRoots.ng, has joined the Nigeria Internet Registration Association (NiRA) Executive Board of Directors (EBoD).
Peter, a multi-award-winning practicing ICT journalist, was elected at the 15th Annual General Meeting (AGM) cum election held in Lagos on Friday at The Zone, Lagos, where Mr. Adesola Akinsanya and Mr. Murtala Abdullahi emerged as the new President and Vice President respectively.
They took over from Mr. Mohammed Rudman and Mr. Toba Obaniyi in that order. Other members elected into the NiRA Executive Board of Directors (EBoD) at the meeting are Mr. Ebenezer Dare of Hostlag Limited and Seun Kehinde of QServers Networks Limited.
Meanwhile, five members have been elected to the Board of Trustees of NiRA. They are Mrs. Ibukun Odusote; the Publisher of ITRealms, Mr. Remmy Nweke; a former Financial Secretary of NiRA, Mr. Biyi Oladipo; a former NiRA president, Mrs. Mary Uduma; and the Executive Director of the Centre for Information Technology and Development (CITAD), Mr. Yunusa Zakari Ya’u.
Peter Oluka has been a .ng Domain Name Brand Ambassador since 2015. He actually started his mainstream journalism in 2010 working with the Nigerian NewsDirect Newspaper. His penchant for newsworthy events and stunts registered NewsDirect’s presence in the league of Property & Environment and Labour pious media outfits.
He also Co-founded GrassRoots.ng, a news platform rooted in Speaking for the Global Citizen.
Peter also Co-founded Njalo.ng; an online marketplace for ‘Easy sell & Easy Buy’ or new and used products.
Prior to that, he worked at the Nigeria CommunicationsWeek, as a Senior Reporter; a medium with fad in ICT reportage. Peter’s articles have attracted interests from both international and indigenous ICT/Technology giants.
Peter’s quest for journalism, PR and media practices is exceptional. For many years, he contributed to ‘Communications’ pullout in the Guardian Newspapers.
Peter Oluka is among the pioneer Fellows of the MTN Nigeria Media Innovation Programme (MTN MIP-1) curated by the School of Media and Communications (SMC) Pan Atlantic University (PAU).
He is an Associate Member of the Institute of Information Management (IIM-Africa) and was awarded the Records and Information Management Best ICT Reporter of the Year by the Institute of Information Management-Africa (IIM-Africa) in year 2014.
He received Special Recognition Award at the 2017 Nigeria Computer Society (NCS) National Information Technology Merit Awards (NITMA) for Excellence in IT reporting.
He also won Nigerian Women in Information Technology (NIWIIT) Best IT Editor of the Year 2018.
Peter is a certified Customer Relations Management Personnel by the Nesburg School of Business and Management (NESBG-Nigeria), Africa’s foremost Persuasion School of Business based in South Africa (2015).
He obtained PGD (Mass Communications) from NOUN in 2015; HND (Mass Communication) from the Institute of Management and Technology, IMT, Enugu in 2008.
‘Multimedia, Mobile and Social Media Journalism Programme Facilitated by renowned new media experts Dan Mason Media (2017)’ hosted by Journalism Clinic, Lagos, Nigeria, among other trainings and achievements.
Peter’s media practice cuts across Speech Writing, Public Relations, Advertising, other Communications interests.
Commenting on his election, Peter said: “I am deeply committed to the massive adoption of .ng buttressed by the fact that I have been a .NG (Dot NG) domain name Brand Ambassador since 2015!
“Yes, I have leveraged different platforms and fora to publicize the Nigerian Domain Name (DNS) Industry, amongst other accomplishments, training, awards and certifications.
“I strongly believe there is a need for the injection of fresh ideas to further expand our identity in cyberspace, and I am grateful for this opportunity to serve”.
NiRA was founded on 23 March 2005 to oversee Nigeria’s country code top-level domain, .ng. However, the registration of domain names is handled by NiRA-certified registrars, under its Registry–Registrar–Registrant model for operating and managing the top-level domain.