OpenText Cybersecurity's 2024 Ransomware Survey: Supply Chain Attacks Surge, Ransom Payments Persist
OpenText released its third annual 2024 Global Ransomware Survey, revealing the current state of ransomware attacks. Key findings include:
- 62% of respondents were impacted by a ransomware attack originating from a software supply chain partner in the past year.
- 48% of respondents experienced a ransomware attack, with 73% of those occurring in the last year.
- 46% of those attacked paid the ransom, with 31% paying between $1 million and $5 million.
- 55% believe their company is more at risk due to increased AI use among threat actors.
- 66% are investing most in cloud security.
- 91% require employees to participate in security awareness or phishing training.
The survey highlights the persistent struggle businesses face in staying ahead of evolving ransomware threats and the rising cost of attacks.
OpenText ha pubblicato il suo terzo rapporto annuale sul 2024 Global Ransomware Survey, rivelando lo stato attuale degli attacchi ransomware. I risultati principali includono:
- Il 62% degli intervistati è stato colpito da un attacco ransomware proveniente da un partner della catena di fornitura software nell'ultimo anno.
- Il 48% degli intervistati ha subito un attacco ransomware, con il 73% di questi che si sono verificati nell'ultimo anno.
- Il 46% di coloro che sono stati attaccati ha pagato il riscatto, con il 31% che ha pagato tra 1 milione e 5 milioni di dollari.
- Il 55% ritiene che la propria azienda sia più a rischio a causa dell'aumento dell'uso dell'IA tra gli attori delle minacce.
- Il 66% sta investendo principalmente nella sicurezza del cloud.
- Il 91% richiede ai dipendenti di partecipare a formazioni sulla consapevolezza della sicurezza o sul phishing.
Il sondaggio evidenzia la continua difficoltà che le aziende affrontano nel rimanere un passo avanti rispetto a minacce ransomware in evoluzione e all'aumento dei costi degli attacchi.
OpenText ha lanzado su tercera encuesta anual sobre ransomware Global 2024, revelando el estado actual de los ataques ransomware. Los hallazgos clave incluyen:
- El 62% de los encuestados sufrió un ataque de ransomware procedente de un socio de la cadena de suministro de software en el último año.
- El 48% de los encuestados experimentó un ataque de ransomware, y el 73% de estos ocurrió en el último año.
- El 46% de los atacados pagaron el rescate, con el 31% pagando entre 1 millón y 5 millones de dólares.
- El 55% cree que su empresa está más en riesgo debido al mayor uso de IA entre los actores de amenazas.
- El 66% está invirtiendo principalmente en seguridad en la nube.
- El 91% requiere que los empleados participen en capacitación sobre conciencia de seguridad o phishing.
La encuesta destaca la lucha persistente que enfrentan las empresas para mantenerse un paso adelante de las amenazas ransomware en evolución y el aumento del costo de los ataques.
OpenText가 2024년 글로벌 랜섬웨어 조사의 세 번째 연례 보고서를 발표하며, 랜섬웨어 공격의 현재 상태를 밝혔습니다. 주요 발견 사항은 다음과 같습니다:
- 응답자의 62%가 지난 1년간 소프트웨어 공급망 파트너로부터 발생한 랜섬웨어 공격의 영향을 받았습니다.
- 48%의 응답자가 랜섬웨어 공격을 경험했으며, 이 중 73%는 지난 1년 내에 발생했습니다.
- 공격을 당한 사람의 46%가 금액을 지불했으며, 이 중 31%는 100만 달러에서 500만 달러 사이의 금액을 지급했습니다.
- 응답자의 55%는 위협 배우자들 사이에서 인공지능의 사용 증가로 인해 자사에 대한 위험이 더 높다고 믿고 있습니다.
- 66%는 클라우드 보안에 가장 많은 투자를 하고 있습니다.
- 91%는 직원들이 보안 인식 또는 피싱 교육에 참여할 것을 요구합니다.
이번 조사는 변화하는 랜섬웨어 위협에 앞서기 위해 기업들이 지속적으로 직면하고 있는 고군분투와 공격 비용의 증가를 강조합니다.
OpenText a publié son troisième rapport annuel sur le 2024 Global Ransomware Survey, révélant l'état actuel des attaques par ransomware. Les principales conclusions comprennent :
- 62 % des répondants ont été touchés par une attaque par ransomware provenant d'un partenaire de la chaîne d'approvisionnement logicielle au cours de l'année écoulée.
- 48 % des répondants ont subi une attaque par ransomware, dont 73 % ont eu lieu au cours de l'année passée.
- 46 % des personnes attaquées ont payé la rançon, 31 % d'entre elles ayant payé entre 1 million et 5 millions de dollars.
- 55 % estiment que leur entreprise est plus à risque en raison de l'augmentation de l'utilisation de l'IA parmi les acteurs de la menace.
- 66 % investissent principalement dans la sûreté du cloud.
- 91 % exigent que les employés participent à une formation sur la sensibilisation à la sécurité ou le phishing.
Cette enquête met en lumière la lutte persistante des entreprises pour rester en avance sur les menaces de ransomware en constante évolution et l'augmentation des coûts des attaques.
OpenText hat die dritte jährliche 2024 Global Ransomware Survey veröffentlicht, die den aktuellen Stand der Ransomware-Angriffe aufzeigt. Zu den wichtigsten Ergebnissen gehören:
- 62% der Befragten wurden in den letzten 12 Monaten von einem Ransomware-Angriff durch einen Software-Lieferkettenpartner betroffen.
- 48% der Befragten erlebten einen Ransomware-Angriff, von denen 73% im letzten Jahr stattfanden.
- 46% der Angreifenen haben das Lösegeld gezahlt, wobei 31% zwischen 1 Million und 5 Millionen Dollar zahlten.
- 55% glauben, dass ihr Unternehmen aufgrund des erhöhten Einsatzes von KI bei Bedrohungsakteuren einem höheren Risiko ausgesetzt ist.
- 66% investieren am meisten in Cloud-Sicherheit.
- 91% verlangen von ihren Mitarbeitern die Teilnahme an Schulungen zur Sicherheitsbewusstseins- oder Phishing-Prävention.
Die Umfrage hebt den anhaltenden Kampf hervor, dem Unternehmen gegenüberstehen, um den sich entwickelnden Ransomware-Bedrohungen einen Schritt voraus zu sein, sowie die steigenden Kosten von Angriffen.
- None.
- None.
While companies improve defenses, almost half of respondents still suffer ransomware attacks and the resulting ransom payments only perpetuate the cycle of vulnerability
With well-funded cybercriminals increasingly targeting software supply chains and harnessing generative AI to increase phishing attempts, businesses face a persistent struggle to stay ahead of evolving ransomware threats and the rising cost of attacks. Verizon's 2024 Data Breach Investigations Report shows that the median loss associated with the combination of ransomware and other extortion breaches has been
"SMBs and enterprises are stepping up their efforts against ransomware, from assessing software suppliers to implementing cloud solutions and boosting employee education. However, the increase in organizations paying the ransom only emboldens cybercriminals, fueling more relentless attacks," said Muhi Majzoub, executive vice president and chief product officer, OpenText. "Businesses must proactively defend against sophisticated threats like supply chain vulnerabilities and AI-driven attacks, while ensuring resilience through data backups and response plans, to avoid empowering the very criminals seeking to exploit them."
Key survey findings include:
- Respondents are overwhelmingly concerned about supply chain attacks. Those who reported a ransomware attack this year were more likely to report that it came from their supply chain.
- Forty percent of respondents have been impacted or don't know by a ransomware attack originating from a software supply chain partner.
- Of the respondents who experienced a ransomware attack in the past year,
62% have been impacted by a ransomware attack originating from a software supply chain partner and90% are planning to increase collaboration with software suppliers to improve security practices in the next year. - A majority (
91% ) of respondents are concerned about ransomware attacks on a company's downstream software supply chain, third-party and connected partners. - When asked if recent breaches by key industry vendors like Change Healthcare, Ascension and CDK Global that caused sector-specific outages and losses made them more concerned about being impacted by a supply chain attack, almost half (
49% ) are more concerned – enough to consider making vendor changes. - Almost three-quarters of respondents (
74% ), including those who have experienced a ransomware attack in the past year, have a formal process for assessing the cybersecurity practices of your software suppliers. A surprising26% do not or don't know.
- Almost three-quarters of companies have experienced a ransomware attack this year, with more SMBs than large enterprises having experienced an attack.
- Of the
48% of respondents who have experienced a ransomware attack,73% have experienced a ransomware attack in the last year, only a quarter have not (25% ) and2% don't know. - More SMBs vs. large enterprises have experienced a ransomware attack. Over three-quarters (
76% ) of SMBs reported experiencing a ransomware attack in the past year while70% of large enterprises reported experiencing a ransomware attack in the past year. - Of those who experienced a ransomware attack in the past year, a little less than half (
46% ) paid the ransom.31% of their ransom payments were between$1 million $5 million 97% ) successfully restored their organization's data. Only3% did not.
- Of the
- Respondents experienced more phishing attacks due to the increased use of AI, especially among those who have experienced a ransomware attack.
- More than half (
55% ) of respondents said their company is more at risk of suffering a ransomware attack because of the increased use of AI among threat actors. - Almost half (
45% ) of respondents have observed an increase in phishing attacks due to the increased use of AI. Of those who experienced a ransomware attack,69% have observed an increase in phishing attacks due to the increased AI usage.
- More than half (
- Organizations, including SMBs, continue to invest more in cloud security and security awareness and phishing training.
- Cloud security is the cybersecurity area that respondents say their companies are investing in most (
66% ).- In 2024,
62% of SMB respondents are investing more in cloud security. In contrast, in 2023,56% were investing more in cloud security. In 2022, only39% of SMB respondents were using cloud security solutions.
- In 2024,
- A majority (
91% ) of respondents said their companies require employees to participate in security awareness or phishing training. Only9% do not. In 2024,66% conducted at least a quarterly training.- Compared to 2023 and 2022, organizations are requiring employees to participate in security awareness training more frequently. In 2023, only
39% conducted training once per quarter. In 2022, only24% of SMBs conducted security awareness training once per quarter.
- Compared to 2023 and 2022, organizations are requiring employees to participate in security awareness training more frequently. In 2023, only
- Cloud security is the cybersecurity area that respondents say their companies are investing in most (
To learn more about the findings, view the infographic or visit our blog.
Survey Methodology
OpenText Cybersecurity polled 1,781 c-level executives, security professionals and security and technical directors from SMBs and enterprises in
About OpenText Cybersecurity
OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified/end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience and simplified security to help manage business risk.
About OpenText
OpenText™ is the leading Information Management software and services company in the world. We help organizations solve complex global problems with a comprehensive suite of Business Clouds, Business AI, and Business Technology. For more information about OpenText (NASDAQ/TSX: OTEX), please visit us at www.opentext.com.
Connect with us:
OpenText CEO Mark Barrenechea's blog
Twitter | LinkedIn
Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws. These statements are based on OpenText's current expectations, estimates, forecasts and projections about the operating environment, economies, and markets in which the company operates. These statements are subject to important assumptions, risks and uncertainties that are difficult to predict, and the actual outcome may be materially different. OpenText's assumptions, although considered reasonable by the company at the date of this press release, may prove to be inaccurate and consequently its actual results could differ materially from the expectations set out herein. For additional information with respect to risks and other factors which could occur, see OpenText's Annual Report on Form 10-K, Quarterly Reports on Form 10-Q and other securities filings with the SEC and other securities regulators. Readers are cautioned not to place undue reliance upon any such forward-looking statements, which speak only as of the date made. Unless otherwise required by applicable securities laws, OpenText disclaims any intention or obligations to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. Further, readers should note that we may announce information using our website, press releases, securities law filings, public conference calls, webcasts and the social media channels identified on the Investors section of our website (https://investors.opentext.com). Such social media channels may include the Company's or our CEO's blog, Twitter account or LinkedIn account. The information posted through such channels may be material. Accordingly, readers should monitor such channels in addition to our other forms of communication.
Copyright © 2024 OpenText. All Rights Reserved. Trademarks owned by OpenText. One or more patents may cover this product(s). For more information, please visit https://www.opentext.com/patents.
OTEX-G
View original content to download multimedia:https://www.prnewswire.com/news-releases/opentext-cybersecuritys-2024-ransomware-survey-supply-chain-attacks-surge-ransom-payments-persist-302272292.html
SOURCE Open Text Corporation
FAQ
What percentage of companies were impacted by supply chain ransomware attacks in 2024 according to OpenText's survey?
How many companies paid ransoms after experiencing a ransomware attack in 2024 (OTEX survey)?
What is the most common cybersecurity investment area for companies in 2024 according to OpenText's report?
How has AI impacted phishing attacks in 2024 based on OpenText's ransomware survey?
What percentage of companies require employee security awareness training in 2024 according to OpenText (OTEX)?
