A recent survey found that organizations victimized by ransomware attacks are increasingly deciding to pay the ransom demand to regain access to their systems and data. Those same organizations also are concerned that generative AI could enhance future attacks.
In the 2023 CISO Report, published by Splunk, nearly 96 percent of respondents claimed they fell victim to a ransomware attack within the past year, and eighty-three percent paid the ransom demand. Of those who paid, 18 percent paid the ransom directly, 37 percent paid through cyber insurance, and 28 percent paid through a third party.
The ransom payments varied, according to the report, but more than half of respondents paid more than $100,000, and about nine percent paid $1 million or more.
However, while organizations increasingly decide to pay ransom demands, most chief information security officers (CISOs) – about 69 percent – believe paying the ransom makes an organization “vulnerable to legal exposure in the future.”
According to survey respondents, even after payment organizations may not recover all their lost capabilities, “[and] cyber insurance is no silver bullet; it’s often difficult to obtain while falling short of full reimbursement,” the report states.
In conclusion, organizations need to have “offline, regularly-tested, segregated back-ups,” the report urges.
In addition, organizations need to “designate maintenance responsibility and conduct regular checks [which are] successfully executed,” and they need to “run a board-level exercise to exert some real-yet safe pressure on those systems,” the report states.
Respondents also indicated a need to build up their cyber resilience and visibility with more cross-function collaboration. According to the report, 92 percent of respondents saw a significant or moderate increase in cybersecurity collaboration between their security, IT, and engineering teams – likely brought on by an increased focus on digital transformation, cloud-native software development, and risk management efforts.
However, while 77 percent saw these cross-function collaborations as “good,” 42 percent also commented that there was room for improvement.
Mixed Feelings Over AI
It’s clear that all types of users and organizations leverage generative AI technology, and use of gen-AI tech is not going away. This fact concerns many CISOs, with a bulk – about 70 percent – predicting that generative AI will create an asymmetrical battlefield that will inevitably favor cyber adversaries.
“We are trying to stay ahead of generative AI. We know it is a technology that is being used. Instead of blocking the technology, we are trying to put as many guardrails around it as possible,” one respondent commented.
“CISOs thought the highest ranking malicious use cases would be faster and more efficient attacks, 36 percent; voice and image impersonations for social engineering, 36 percent; and extending the attack surface of the supply chain, 31 percent,” the report states.
According to the report, many of these concerns are still theoretical.
But not all CISOs feel the same way. About 35 percent of respondents said they’ve experimented with the technology to beef up their cyber defenses in malware analysis and workflow automation. For example, 26 percent tapped AI to analyze data sources to determine which should be optimized or removed, while 23 percent used generative AI to create detection rules.
In addition, about 86 percent of CISOs commented that generative AI could fill critical gaps in cyber defenses, such as alleviating skills gaps and talent shortages that they have on the security team.
“We learn in cyber after the fact, with AI and [generative AI], we can be more proactive, and it may help us with skills shortages,” one respondent commented.
Yet, according to some respondents, fusing AI into cyber defenses would also require upskilling the workforce – about 46 percent plan on getting security teams up to speed on prompt engineering, and 39 percent plan to train employees on threats that might surface due to generative AI.