Sophos has released the “State of Ransomware in Financial Services 2023”, an insightful report

Sophos has released the State of Ransomware in Financial Services 2023, an insightful report based on a survey of 336 IT/cybersecurity professionals across 14 countries working in the financial services sector. The findings reveal the real-world ransomware experiences of the sector.

Rate of attack and data encryption

The 2023 survey revealed that the rate of ransomware attacks in financial services continues to rise. It went up from 55% in the 2022 report to 64% in this year’s study, which was almost double the 34% reported by the sector in the 2021 report. Although the sector experienced an increased attack rate, it was below the cross-sector average of 66%.

Financial services reported the highest encryption level in three years: 81% of organizations stated that their data was encrypted, a 50% rise over the 2022 report when 54% reported data encryption. Over one in ten attacks (14%) were stopped before the data was encrypted, down by 67% over last year’s report and the second lowest rate across all sectors in this year’s survey.

In a quarter of attacks (25%) where data was encrypted, data was also stolen, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.

Root causes of attacks

Exploited vulnerabilities (40%) and compromised credentials (23%) were the two most common root causes of the most significant ransomware attacks in the financial services sector. Emails (malicious emails or phishing) were the third most common root cause behind 33% of attacks experienced by the sector.

Data recovery and the propensity to pay the ransom

98% of financial services organizations got their encrypted data back, slightly higher than the 97% cross-sector average. 43% of financial services organizations paid the ransom to recover their encrypted data, while over two-thirds (69%) used backups for data recovery. Encouragingly, the rate of ransom payments in financial services is down from 52% in our 2022 study, while the use of backups to restore data has increased slightly from 66% in the 2022 report to 69% in this year’s report.

However, the proportion of financial services organizations paying higher ransoms has increased, with almost 39% paying a ransom of $1M or more in our 2023 study compared to just 5% in the year before. At the same time, the percentage of financial services organizations that paid less than $100,000 remained in line with last year’s report, coming in at around 40%.

Read the full report here.

Mitigating the ransomware risk

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

  1. Strengthen defensive shields, including:
  • Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  • Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  • 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
  1. Optimize attack preparation, including making regular backups, practicing recovering data from backups, and maintaining an up-to-date incident response plan
  2. Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations

About the survey

Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 336 in the financial services sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Source: Sophos