CrowdStrike’s fourth Global Security Attitude Survey reveals 63% of organizations are losing trust in legacy vendors such as Microsoft; 96% of organizations that paid a ransom were hit with additional extortion fees
CrowdStrike, Inc. (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced the release of the 2021 CrowdStrike Global Security Attitude Survey, conducted by independent research firm Vanson Bourne. The report highlights that ransomware payout demands and extortion fees are massively increasing, while trust in legacy IT vendors has dipped and organizations are in fact getting slower at detecting cybersecurity incidents.
“The survey presents an alarming picture of the modern threat landscape, demonstrating that adversaries continue to exploit organizations around the world and circumvent outdated technologies. Today’s threat environment is costing businesses around the world millions of dollars and causing additional fallout,” said Michael Sentonas, chief technology officer at CrowdStrike. “The evolving remote workplace is surely accentuating challenges for businesses as legacy software like Microsoft struggles to keep up in today’s accelerated digital world.”
“This presents a clear clarion call that businesses need to change the way they operate and evaluate more stringently the suppliers they work with,” added Sentonas. “The threat landscape continues to evolve at a frightening pace and it’s obvious that modern organizations need a cloud-native, holistic end-to-end platform approach to tackle and remediate threats in a swift manner.”
Customers are facing a crisis of trust in legacy vendors as software supply chain attacks continue to present challenges
Recent attacks such as Sunburst and Kaseya have once again brought supply chain attacks to the forefront, as evidenced by 63% of respondents admitting their organization is losing trust in legacy vendors, like Microsoft, due to frequent security incidents against these previously trusted technology suppliers.
The issue is so widespread that more than 3 out of every 4 respondents (77%) have suffered a supply chain attack. It’s clear that swift action and newer technologies will be required by businesses looking to increase their cyber resiliency.
- 45% of respondents had experienced at least one supply chain attack in the past 12 months
- 64% of respondents cannot claim that all their software suppliers have been vetted in the last twelve months
- 84% of respondents are fearful of supply chain attacks becoming one of the biggest cybersecurity threats in the next three years
Ransomware remains a persistent and highly pervasive threat, costing organizations nearly $2 million on average
Survey data indicates that ransomware attacks are continuing to prove effective, with average ransomware payments increasing 62.7% in 2021 (from $1.1 million in 2020 to $1.79 million in 2021). Not only that, organizations are almost universally getting hit with “double extortion,” in which threat actors not only demand a ransom to decrypt data but also threaten to leak or sell the data unless the victim pays more money. Survey data shows that 96% of organizations that paid a ransom were forced to pay additional extortion fees, costing businesses on average $792,493. Additional notable findings include the following:
- 66% of respondents’ organizations suffered at least one ransomware attack in the past 12 months
- More than half (57%) of businesses did not have a comprehensive ransomware defense strategy in place
- The average ransomware payment was $1.34 million in EMEA, $2.35 million in APAC, and $1.55 million in the US
- The average ransom payment increased by 63% in 2021 to $1.79 million (USD), compared to $1.10 million (USD) in 2020. CrowdStrike Intelligence has observed the average ransom demand from attackers is $6 million. While attackers aren’t getting quite the amounts they are seeking, they are still earning massive payouts. CrowdStrike attributes this to companies understanding both the threat and their exposure, and their ability to negotiate with attackers.
Organizations are moving in the wrong direction when it comes to detection and response time
CrowdStrike encourages organizations to strive to meet the 1-10-60 rule, where security teams demonstrate the ability to detect threats within the first minute of an intrusion, investigate and understand the threat within 10 minutes, and contain and eradicate the threat within 60 minutes. In today’s remote-first digital world, organizations continue to face massive challenges in detecting security incidents, as evidenced by eye-opening survey data.
- On average, respondents estimated it would take 146 hours to detect a cybersecurity incident, up from 117 hours in 2020
- Once detected, it takes organizations 11 hours to triage, investigate and understand a security incident and 16 hours to contain and remediate one
- 69% of respondents said that their organization suffered an incident because of staff working remotely
In the 2021 Threat Hunting Report, CrowdStrike’s Falcon OverWatch reported that eCrime threat actors are able to move laterally across an organization’s network in an average of 92 minutes. This paints a sharp contrast between the capabilities of today’s swift attackers and defenders who are increasingly slowed down by high volumes of alerts and tools that lack integrated workflows. Only CrowdStrike provides customers with the powerful fusion of world-class technology combined with elite threat hunting and human expertise that is mandatory to see and stop today’s most sophisticated threats.
CrowdStrike commissioned independent technology market research specialist Vanson Bourne to undertake the quantitative research upon which this whitepaper is based. A total of 2,200 senior IT decision makers and IT security professionals were interviewed during September, October, and November 2021, with representation across the US, EMEA and APAC regions.
About Vanson Bourne:
Vanson Bourne is an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit: www.vansonbourne.com.
CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint and workload protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints and workloads on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon captures approximately 1 trillion high-fidelity signals per day in real time from across the globe, fueling one of the world’s most advanced data platforms for security.
With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.
There’s only one thing to remember about CrowdStrike: We stop breaches.