Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyber attacks.
Sophos recently reported the India findings of the state of ransomware 2023 report. Sunil Sharma, MD, Sales, India & SAARC, said 93% of surveyed Indian organizations were hit by ransomware last year. Globally, about 66% of organizations were attacked.
In terms of the rate of ransom paid, it ranged from <$100,000 for 65% of the organizations, between $100,000-$499,000 for 30%, and over $500,000 for 6%. The rate of attacks, as per leading cities saw Chennai witnessing 89% attacks, Kolkata 77%, Bangalore and Delhi 68%, and Mumbai 67%, respectively. The root cause of ransomware attacks included exploited vulnerabilities at 35%, compromised materials at 33%, malicious emails at 19%, phishing at 10%, and brute force attack at 2%, respectively.
The level of data encryption within organizations was 72% in 2021, which moved to 80% in 2022. It is currently 77% in 2023. Out of the 77%, where data was also encrypted, about 38% organizations reported that data was also stolen.
For data recovery, about 98% of organizations had data backups. However, 73% organizations used data backups to restore data, 43% paid the ransom money and got their data back. As for cyber policies, 41% organizations had separate cyber policy. 52% had wider insurance policy, including cyber security, while 7% of the organizations had no cyber policy at all!
The mean recovery cost for organizations ranged from $3.04 million in 2021, to $2.81 million in 2022. It is currently at $1.03 million for 2023. About 85% of the organizations reported a loss in revenue during 2021.
Impact from cyber attacks
Ransomware continues to remain a major threat even today. The adversaries are continuing to develop and evolve their cyber attacks. Today, data theft, with data encryption, is commonplace. The financial and operational impacts from cyber attacks have also increased. The annual revenues are also seeing greater experience from ransomware, than the number of employees.
Sophos has recommendations for organizations that include: strengthen defensive shields, optimize the attack preparations, and good security hygiene. There must be adaptive technologies available with the organizations that can respond automatically to any cyber attack.
Sophos offers optimal cyber security outcomes. It has six global SOCs, including one in Bangalore. Sophos MDR or managed detection and response is considered a good ransomware defense. Sophos ZTNA or zero-trust network access provides better protection from ransomware.