Research highlights disconnect between perceived threat and preparedness that results in longer incident response cycles and increased revenue losses
Cybereason, the leader in operation-centric attack protection, published a global study of over 1,200 security professionals at organisations that have previously suffered a successful ransomware attack on a holiday or weekend. The study highlights the disconnect between organisational risk and preparedness.
The report, titled Organisations at Risk: Ransomware Attackers Don’t Take Holidays, found that the vast majority of security professionals in the UAE (93 per cent) expressed high concern about imminent ransomware attacks. In spite of this concern, there seems to be a disconnect between the risk ransomware poses to organisations during these off-hour periods and their preparedness — in terms of personnel and technology — to respond, moving into the holiday season.
The Human Element
An indicator of the disconnect between the perceived risk and preparedness is that 39 per cent of respondents in the UAE attributed the previous successful holiday ransomware attack to not having the right cybersecurity coverage plan or because the company was only operating a skeleton crew.
This has unfortunately meant that often cybersecurity professionals have had to put off personal engagements and weekend plans in order to respond to the attacks — 90 per cent of UAE respondents indicated they have missed a holiday or weekend activity because of a ransomware attack.
On the technology front, 65 per cent of UAE respondents (16 per cent higher than the global average) said a ransomware attack against their organisation was successful because they did not have the right security solutions in place. Most concerning was the fact that just 44 per cent reported having an Endpoint Detection and Response (EDR) solution in place. As EDR is a foundational building block of a robust cybersecurity posture, this is particularly alarming.
This lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organisations, with 60 per cent of UAE respondents saying it resulted in longer periods to assess the scope of an attack, 58 per cent reporting they required more time to mount an effective response and 46 per cent indicating they required a longer period to fully recover from the attack.
Interestingly, 23 per cent of UAE respondents (twice the global average) reported their organisations suffered revenue losses as a direct result. This research validates the assumption that it takes longer to assess, mitigate, remediate and recover from a ransomware attack over a holiday or weekend.
“Ransomware attackers don’t take time off for holidays. The most disruptive ransomware attacks in 2021 have occurred over weekends and during major holidays when attackers know they have the advantage over targeted organisations,” said Chief Executive Officer and co-founder of Cybereason, Lior Div. “This research proves out the fact that organisations are not adequately prepared and need to take additional steps to assure they have the right people, processes and technologies in place so they can effectively respond to ransomware attacks and protect their critical assets.”
Learning from past mistakes
There are some positives to be taken away from the research — findings indicate that UAE organisations have acknowledged the need to enhance their cybersecurity defence and ensure they have the right technology, resources and strategy in place to avoid being hit by an attack during the upcoming holiday season. 77 per cent of respondents stated that their organisations would be adding new technology, 60 per cent are building a more robust contingency plan and 50 per cent planning to increase cybersecurity staff cover over the holidays.