More on the security landscape.
NexusGuard released the “DDoS Statistical Report for 2021”. While 2021 had fewer attacks than 2020, the numbers are still greater than pre-COVID-19.
HelpNetSecurity.com reports that 79% of respondents have activated a disaster recovery (DR) response within the past 12 months. 61% of these incidents were triggered by ransomware or other malware, with 60% of organizations reporting they had experienced unrecoverable data during that same time—substantially more than the 43% response rate to the same question a year ago.
And CrowdStrike is too in on the game — CrowdStrike’s 2022 Global Threat Report indicates that ransomware remains big business globally, with an 82% increase in ransomware-related data leaks in 2021.
Gartner released their Peer Insights for Q1 — Only 32% report they did not experience a cybersecurity breach in Q1. Over half (51%) of respondents report that cybersecurity incidents rose in Q1 from Q421. 44% said their cybersecurity budget is not adequate to deliver on goals, and another 22% consider it stretched.
So, in the context of that landscape, two larger pieces are now to talk about.
First is a new paper from the Institute for Security and Technology’s Ransomware Task Force. Long time listeners will remember them from a year ago, explicitly calling out MSPs as not commonly providing extensive security coverage or ransomware mitigations”. They did an update to their 48 specific recommendations last year. Twelve have seen tangible progress in the year since. Some initial steps have been taken on 29 recommendations, while seven recommendations have seen no action.
The second is a piece by ProPublica. Titled “Why It’s Hard to Sanction Ransomware Groups.” The task is far more complex than one might think. With changing names, groups, alliances, and teams, the groups themselves are difficult to specify and attribute the crimes. An example from the Record: Conti shuts down, but their talent is still at play.
Why do we care?
Broadly, the numbers aren’t good. I was asked about my perspective on the IT services market recently by a colleague. After discussing larger trends for a while, I noted that the cybersecurity tax would be levied against businesses for a while.
ProPublica’s dive is recommended reading – knowing why cybercrime helps explain it to customers and justify the security tax.
I’ll be further digging into the Ransomware Task Force’s findings, but I wanted to note that this attention to providers will be ongoing. Don’t expect that to be a one-and-done analysis. This group is proving to be a watchdog, reporting back to lawmakers.. whom we discussed yesterday.