• Latest
  • Trending
Trust in Legacy Vendors Sinks as Ransomware Spikes

Trust in Legacy Vendors Sinks as Ransomware Spikes

December 16, 2021
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 23 May, 2025
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Trust in Legacy Vendors Sinks as Ransomware Spikes

by ITECHNEWS
December 16, 2021
in Leading Stories, Opinion
0 0
0
Trust in Legacy Vendors Sinks as Ransomware Spikes

Organizations are losing trust in legacy vendors as ransomware payout demands and extortion fees massively increase and organizations get slower at detecting cybersecurity incidents.

These were among the findings of CrowdStrike’s Global Security Attitude Survey, conducted by research firm Vanson Bourne.

YOU MAY ALSO LIKE

ATC Ghana supports Girls-In-ICT Program

Vice President Dr. Bawumia inaugurates ICT Hub

The study of 2,200 senior IT decision-makers and IT security professionals found 66% of respondents’ organizations suffered at least one ransomware attack in the past 12 months and more than half (57%) of businesses did not have a comprehensive ransomware defense strategy in place.

Ransomware Demands are Escalating

Meanwhile, the average ransom payment increased by 63% in 2021 to $1.79 million, compared to $1.10 million in 2020.

The fact that organizations are almost universally getting hit with “double extortion” further increased the financial impact of ransomware attacks on these businesses.

This is when threat actors not only demand a ransom to decrypt data but also threaten to leak or sell the data unless the victims pay more money.

The survey revealed nearly all (96%) organizations that paid a ransom were forced to pay additional extortion fees, costing businesses on average $792,493.

A Symptom of a Larger Shift

Mohit Tiwari, co-founder and CEO at Symmetry Systems, explained an increasing number of attacks are primarily a symptom of enterprises moving from network-perimeter defenses with a squishy middle to workloads on the cloud that are open to the internet and where small errors on even enterprise-internal applications can get amplified.

“There is no use blaming traditional vendors—newer vendors don’t have a silver bullet, either,” he said. “Instead, it is more valuable to build cloud-enabled security tooling with open interfaces and open evaluations.”

Recent attacks such as Sunburst and Kaseya have once again brought supply chain attacks to the forefront, with 45% of respondents admitting they had experienced at least one supply chain attack in the past 12 months.

More than eight in 10 respondents (84%) said they are fearful that supply chain attacks will become one of the biggest cybersecurity threats in the next three years.

“Supply chain attacks are just one vector—cloud permissions, insider threats and application-security attacks are other vectors that have led to major incidents recently,” Tiwari pointed out.

The Problem With Processes

From Pathlock president Kevin Dunne’s perspective, more applications than ever before mean more data than ever before, and you can’t be everywhere at once.

“It’s harder to implement effective and consistent controls across all these applications for critical business processes, whether it is pay-to-procure, payroll, expense approvals and reporting and so on,” he said. “Apps are being used in ways that are possible but that may not have been intended, so it stretches security models.”

For example, the early days of the internet saw operating systems that were never designed for wide-scale networking connected to it. Some of these legacy apps fit the same bill with regards to the processes they’re being asked to be a part of.

In addition, business transactions and processes (both internal and external) include and require a parade of applications to perform correctly and legacy, foundational apps often interact with special-purpose apps to move a request/transaction through a workflow.

“The remote workplace requires these processes to be executed in seemingly infinite new ways—from new source locations, new devices, across on-prem and cloud applications,” Dunne said. “It’s the fear of many that legacy applications can’t keep up with these logistical gymnastics in a secure and performant manner.”

However, all these applications—whether legacy or new entrant—need effective process controls applied to reduce the risk and resulting anxiety.

In fact, Dunne said, access controls/orchestration applied to these “legacy” apps is an effective way of improving the security posture of those applications/systems, limiting the scope of activities where warranted, that would otherwise be unavailable natively.

He pointed out that “legacy” might be an unfortunate descriptor of “in widespread use”, especially in the case of vendors like Microsoft.

“The massive global adoption of a technology provider like Microsoft obviously leads to being targeted frequently; it’s a numbers game,” he said. “Therefore, any attack, attempted or successful, is newsworthy, contributing to negative associations.”

Introducing the Human Element

Heather Paunet, senior vice president at Untangle, a provider of comprehensive network security for SMBs, added that the challenge for IT professionals is to find newer technology solutions that are easy to use, fast and reliable so that employees can turn it on once and forget about it.

“Legacy vendors will need to develop tools that keep in mind the ease-of-use and user interface for employees that rotate in and out of the office,” she said.

Paunet pointed out that remote and hybrid work introduces the human element to cybersecurity.

“Bad actors targeted VPNs because they knew that many companies, by quickly moving their employees to a remote working environment, were using older implementations of VPN protocols with exploitable security holes,” she explained.

She added many of these legacy security products are designed for IT professionals, not the average employee, which makes it harder for remote and hybrid employees to fully use the tool.

For example, when working from home, employees were finding that with older VPN technologies, their connection speeds were reduced. This resulted in them turning their VPN off and thus reducing security as they connected to their corporate network.

“When choosing vendors, companies will need to be more vigilant than ever when thinking about how their business could be compromised,” Paunet said. “It is also important to conduct a thorough review of vendors. Research for any past exploits, when they were detected and how fast a patch was developed.”

By Security Boulevard

ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023

Recent News

  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version