Survey: 42 Percent of Companies Have Experienced Ransomware Attacks | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: 42 Percent of Companies Have Experienced Ransomware Attacks

January 22, 2018
by Heather Landi
| Reprints

The percentage of global companies reporting financially motivated cyber-attacks has doubled over the past two years, with 50 percent of surveyed companies associating ransom as the leading motivation for attacks over other attacks, including insider threats, hacktivism and competition, according to a report by Radware, a Mahwah, N.J.-based cybersecurity solutions provider.

Radware’s 2017-2018 Global Application and Network Security Report found that as the value of bitcoin and other cryptocurrencies – often the preferred form of payment among hackers – has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later.

According to the report, the top driver of cyber-attacks is now cyber-crime. Attackers are motivated by financial gain and driven by the prosperity of cryptocurrencies. Meanwhile, attacks are becoming more targeted. A determined enemy will take the time to learn the target by investing in reconnaissance, social engineering and specific tools.

Malware and bots and socially engineered threats emerged as the most common attack vectors, the report states.

The Radware report is a cross-industry report compiled by Radware’s Emergency Response Team (ERT), leveraging vendor-neutral survey data from 605 IT executives spanning several industries around the globe, including healthcare.

The number of companies that reported ransomware attacks in which hackers use malware to encrypt data, systems, and networks until a ransom is paid surged in the past year. Globally, 42 percent of companies experienced ransomware attacks, a 40 percent increase from the 2016 survey. Companies don’t expect this threat to go away in 2018 either. One in four executives (26 percent) see ransom as the largest threat to their business sector in the coming year.

“The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers with a clear upside that goes beyond cryptocurrencies’ anonymity,” Carl Herberger, vice president of security solutions at Radware, said in a statement. “Paying a hacker in these situations not only incentivizes further attacks, but it provides criminals with the vital funds they need to continue their operations.”

Massive global cyber-attacks in 2017 succeeded simply because of unpatched vulnerabilities, and that represents a small and common human mistake with devastating impacts, the report states. Machine learning and AI-based solutions might seem like the logical solution. The report foudn that 20 percent of organizations already rely on such solutions and another 28 percent plan to implement them in 2018. "But these solutions aren’t fail-proof. Just consider the risks of AI poisoning, automated systems being thwarted and how such systems can go awry (e.g., Microsoft Tay and Facebook’s chatbots)," the report states.

Other key findings of the report include:

  • Businesses are most concerned with their data when hit with a cyber-attack. Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages.
  • Despite one in four (24 percent) businesses reporting cyber-attacks daily or weekly, nearly 80 percent of surveyed organizations have not come up with a calculation for the cost of attacks, and one in three lack a cyber security emergency response plan.
  • Respondents are not quite sure who is responsible for internet-of-things (IoT) securityWhen asked who needs to take responsibility for IoT security, there was no clear consensus among security executives. Responses pinned responsibility on the organization managing the network (35 percent of responses), the manufacturer (34 percent), and even consumers using these devices (21 percent).
  • The prevalence of Distributed Denial-of-Service (DDoS) attacks grew 10 percent, hitting nearly two in five businesses. One in six suffered an attack by an IoT botnet and 68 percent of attacks resulted in a service degradation or complete outage. Both carry associated costs. 2017 also brought an increase in application-layer vs. network-layer attacks.
  • Eighty percent of organizations aren’t calculating the cost of cyber-attacks. One in three still lack an emergency response plan even though cyber-attacks are becoming a near-daily fact of life. Alarmingly, following one in four attacks, a customer will leave or sue the attacked organization.
  • Blockchain is a hot technology topic, yet 36% of respondents admit they don’t understand its mechanism. Only 10 percent think blockchain will improve information security.

 

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.