Cybersecurity Pros Say Ransomware, Nation-State Attacks Dominate Threats

State-backed attacks and ransomware demands averaging around $1 million are the top concerns for security professionals, CrowdStrike survey finds.
Published: November 25, 2020

According to a new survey from cybersecurity firm CrowdStrike, nation-state attacks and ransomware remain top priorities of cybersecurity professionals as the global pandemic and remote work continue to shape our professional lives.

The company’s third annual Global Security Attitude Survey, produced by an independent research firm, includes the results of a survey of 2,200 senior IT decision makers and security professionals. The survey was conducted in August and September across 12 countries representing both private and public sector organizations.

Among the key findings, according to a CrowdStrike blog, is that 71% of security professionals have a growing fear of state-backed attacks and ransomware in the wake of COVID-19. Further, a majority (56%) reported a ransomware attack within the last 12 months.

Nation-state attacks are much more common than people think, the survey found, as 87% of respondents said they felt that way. And, a shocking 73% said those kinds of attacks are the single biggest threat to their organization.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

Cloud computing has become a requirement in the age of remote work, but that could be exacerbating the issue of increasing attacks, the survey found. Eighty four percent of respondents said they’ve accelerated their digital transformation as a result of the pandemic, with 45% saying they have increased cloud rollouts to remote employees.

Despite the possibility of sanctions from the U.S. Department of the Treasury for paying ransoms to state-backed attackers, 27% of respondents said they’ve paid the ransom, which averages $1.1 million globally.

In the U.S., the average ransom paid is just under $1 million.

According to the survey, organizations are addressing these threats via investment in cybersecurity, digital transformation and training.

Of organizations that reported a ransomware attack, 76% upgraded their security tools to reduce the risk of a future attack, and 65% upgraded their security staff.

Respondents also indicated that a security investment of at least $100,000 was necessary to securely deploy a remote workforce. And, 61% of respondents said they’ve spent $1 million on digital transformation over the last three years.

CrowdStrike recommends continuing to invest in digital transformation, protecting workloads where they are rather than maintaining security models built around network perimeters, integrating identity protection and quickly identifying, investigating and eliminating threats.


This article originally appeared in CS sister publication MyTechDecisions.com. Zachary Comeau is TD’s web editor.

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series