Ransomware incidents down 17%—but threat of cyberattacks continues to grow

Cyberattacks continue to grow as a threat to companies, but ransomware incidents declined 17 percent, according to ISACA’s State of Cybersecurity 2018 survey.

The survey, including the responses from 2,366 security leaders, outlined the types and volume of cyberattacks. It also provided recommendations for improved cybersecurity.

Findings included:

  • 50 percent of security leaders have seen an increase in cyberattacks in the last year.
  • 80 percent reported an attack in the next year was “likely” or “very likely.”
  • Incidents of ransomware declined from 62 percent to 45 percent this year, most likely because organizations improved security following the international WannaCry and NotPetya attacks. 
  • 82 percent reported a ransomware strategy in place, and 78 percent had a formal process.
  • Ransomware attacks could have been displaced by cryptocurrency mining.
  • The most common cyberattack vectors were phishing, malware and social engineering.
  • 39 percent of respondents were not familiar or only slightly familiar with active defense strategies, and only half were actively using them.

“This is a missed opportunity for security leaders and their organizations,” said Frank Downs, director of cybersecurity at ISACA. “ISACA’s research indicates that active defense strategies are one of the most effective countermeasures to cyberattacks. A full 87 percent of those who use them indicate that they were successful.”

Recommendations included:

  • Invest in talent – Organizations should invest in finding, retaining and training skilled cybersecurity professionals.
  • Explore automation benefits – Organizations should consider automation-driven strategies to detect and support recovery and response efforts.
  • Ensure investment in security controls – Investing in security controls against phishing, malware and social engineering would prevent these most common forms of attack.