Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.

You hate to blame the victim, but the fact of the matter is that businesses are just asking to get whacked with ransomware multiple times.

A recent study of IT leaders from cloud-native network detection and response firm ExtraHop shows that businesses aren’t even aware of the “attack me,” “easy prey” pheromones they’re giving off: In fact, there’s a yawning chasm between perception and reality.

The study shows that corporate leaders have a false sense of security when it comes to their organizations’ IT security readiness. Their confidence is disconnected from their admittance that their cybersecurity incidents are a result of their own outdated IT security plans, including widespread use of insecure and deprecated protocols, as well as growing numbers of unmanaged devices.

, Multi-Ransomwared Victims Have It Coming–Podcast, The Cyber Post

(Brought to you by SpecOps. Underwriters of Threatpost podcasts do not assert any editorial control over content.)

The reality: 69 percent of respondents acknowledged transmitting sensitive data over unencrypted HTTP connections instead of more secure HTTPS connections. Another 68 percent are still running SMBv1, the protocol exploited in major/ancient/still-exploited attacks like WannaCry and NotPetya, leading to more than $1 billion in damages worldwide.

Denial ain’t just a river in Egypt. The delusion is particularly dangerous, given the sky-high rate of ransomware attacks. In ExtraHop’s Cyber Confidence Index 2022 – which surveyed 500 security and IT decision makers in the United States, United Kingdom, France and Germany – 85 percent reported having suffered at least one ransomware attack, and 74 percent reported experiencing multiple incidents in the past five years.

, Multi-Ransomwared Victims Have It Coming–Podcast, The Cyber Post
Here’s the paint-by-numbers portrait of reality vs. cybersecurity fantasy land:

  • A jarring majority have experienced a ransomware attack, with some being hit twice. What’s more, the data shows that if a business is hit once, it’s more likely to be hit again.
  • A number of IT decision makers haven’t faced an attack – and so they “aren’t concerned.”
  • 77 percent of IT decision makers are very or extremely confident in their company’s ability to prevent or mitigate cybersecurity threats. And yet …
  • 64 percent admit that half or more of their cybersecurity incidents are the result of their own outdated IT security postures.
  • 85 percent reported having suffered at least one ransomware attack in the past five years, and 74 percent have experienced multiple attacks.
  • 48 percent of companies that suffered a ransomware attack said they paid the ransom demanded most or all of the time.

Jamie Moles, ExtraHop senior technical manager, dropped by the Threatpost podcast to talk about perceptions vs. reality.

WannaCry, which hit a few years ago, is a prime example, he told us. The advice back then (and now) was that organizations should check their backups to make sure they’re usable. Innumerable articles and blogs interrogated admins, asking, Have you actually restored a backup recently to make sure that your restores work? Are they up to date?

“A lot of people, we’re finding, actually, that their backup procedures were good, but maybe the technology wasn’t up to date or they were too reliant on things like volume shadow copies on workstations,” Jamie told us. “A restore when data was corrupted, not realizing that ransomware gangs turn off volume shadow copies on workstations.

“So you can’t restore from that. And a lot of organizations found that maybe their backups weren’t fully up to date and they had to go too far back in time to restore, to get themselves operationally back to date. And this has an obvious impact in terms of operating. Resilience has a cost factor associated with it, and getting yourself back to where you were yesterday.”

So…not to imply anything, but hey, we just thought we’d ask: Have you checked your backups lately to make sure they work?

If not, maybe go do that. We’ll wait. This podcast doesn’t have an expiration date.

You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.

Register Today for Log4j Exploit: Lessons Learned and Risk Reduction Best Practices – a LIVE Threatpost event sked for Thurs., March 10 at 2PM ET. Join Sonatype code expert Justin Young as he helps you sharpen code-hunting skills to reduce attacker dwell time. Learn why Log4j is still dangerous and how SBOMs fit into software supply-chain security. Register Now for this one-time FREE event, Sponsored by Sonatype.

, Multi-Ransomwared Victims Have It Coming–Podcast, The Cyber Post