Top 3 Insights from the Fortinet Ransomware Global Research Report

The threat of ransomware looms heavily over organizations of all sizes and industries. Fortinet recently conducted a comprehensive survey involving 569 cybersecurity leaders and decision-makers worldwide to gain insights into their perspectives on ransomware. The findings from the 2023 Global Ransomware Report provide valuable insights into the evolving risk of ransomware attacks and how organizations are responding to this growing threat. 

As attacks increase in volume and intricacy, executives are reprioritizing their security efforts. Of those surveyed, 91% expect increased security budgets in the coming year to invest in technologies and services that further safeguard their networks from a potential attack. As budgets are adjusted to better address the largest concerns, it’s imperative we understand ransomware and its effect on the protection of our data.

We have pulled the top 3 key insights from the report, detailing how ransomware interacts with our digitized society and what you can do to mitigate the risk that comes with it. 

• Concerns vs. Preparedness

One of the most striking findings from the survey is the stark disconnect between organizations’ concerns about ransomware and their perceived level of preparedness. Over 80% of respondents expressed “very” or “extreme” concern about ransomware, yet an almost equal number, 78%, believed they were “very” or “extremely” prepared to defend against such attacks. This discrepancy marks a significant red flag.

Despite organizations’ confidence in their readiness, a staggering 50% of respondents admitted to falling victim to ransomware attacks in the previous year. This raises critical questions about the effectiveness of their preparations. It’s evident that many organizations need to reevaluate and potentially bolster their cybersecurity strategies. 

• The Growing Sophistication of Ransomware

Ransomware attacks have been around for decades, but their threat level continues to rise. Financially-motivated cybercrime accounted for a significant portion (74%) of incidents in 2022, with 82% of these crimes involving ransomware or malicious scripts. While year-over-year growth in ransomware attacks slowed in 2022 compared to the previous year, the frequency of attacks is still increasing.

One reason for this increase is the maturation of Ransomware-as-a-Service (RaaS) operations. These operations have become more selective, targeting organizations capable of providing larger payouts. Cybercriminals are spending more time conducting reconnaissance to identify lucrative targets, leading to higher ransom demands.

As a result, 50% of respondents said that adopting advanced technologies powered by artificial intelligence (AI) and machine learning (ML) ranked among their top three priorities. Investing in advanced technologies like AI and ML for faster threat detection is paramount in this rapidly escalating situation. Additionally, Internet-of-Things (IoT) security and next-generation firewalls (NGFWs) are areas where organizations plan to increase their investments.

• Where Technology Can Help: Integration and Consolidation

Enhancing security strategies is vital, but the manner in which it is accomplished holds equal significance. As discussed in the report, simply adding tools to an already overloaded toolbox is insufficient in mitigating an organization’s vulnerability to ransomware attacks. An increasing proportion of those surveyed (45%) say they have resorted to a blend of security platforms and individual point products, while 36% continue to buy standalone “best-of-breed” solutions. Consequently, security teams find themselves managing individual products deployed over time and struggling with the challenge of making these components function cohesively. Such manual procedures can impede a security team’s capacity to access crucial data promptly and respond effectively when faced with a ransomware incident.

As a result, those who reported adopting a “best-of-breed” approach were the most susceptible (67%) to falling victim to ransomware attacks, whereas those who streamlined their vendor portfolio by consolidating onto a small number of platforms, supplemented by point products, were the least vulnerable (37%). As findings like these continue, organizations are increasingly opting to reduce the array of individual point products in favor of a more streamlined approach. The survey findings underscored this shift, with 99% of respondents emphasizing the effectiveness of integrated solutions or a comprehensive platform in their efforts to thwart ransomware attacks. With the overall organization, its people, and the technology behind this process, the alignment of these players leads to the most effective defense against ransomware. 

To enhance their security posture, organizations should focus on investing in advanced integrated technologies, strengthening incident response plans, and prioritizing employee cybersecurity awareness training. Only by addressing the multifaceted challenges of ransomware attacks, including people and processes, can organizations effectively protect themselves in this increasingly hostile digital landscape. Contact Thrive to up your security and bolster your confidence in data protection against ransomware.