InfoSecBulletin Cybersecurity for mankind
According to a survey conducted by the Canadian Internet Registry Authority (CIRA), most organizations in Canada still choose to pay ransomware gangs after successful attacks.
One conclusion from an online survey of 500 Canadian cybersecurity professionals is that organizations with at least 50 employees are at risk. The survey was released by CIRA on Tuesday.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
CIRA oversees the .ca registry.
41% of respondents reported that their organization had been targeted by a cyber attack in the past year. Among these, 23% confirmed that their organization had fallen victim to a ransomware attack, an increase of 1% compared to last year.
ALSO READ:
Bypass Cloudflare Firewall and DDoS Protections using Cloudflare
70% of organizations surveyed said they paid ransom demands, with nearly a quarter paying up to $100,000. These numbers are similar to previous surveys conducted by CIRA. In 2022, 73% of those affected by ransomware paid, compared to 69% in 2021.
The numbers went in the wrong direction this year, according to Jon Ferguson, CIRA’s general manager of cybersecurity.
If organizations are not prepared for an attack beforehand, it can be difficult for them to fix the problem afterwards. Some organizations choose to pay because they believe it is the easiest solution. They may not have the capability to recover without regaining access to their data.
They may also be worried about damage to their reputation if word gets out about a ransomware attack, he added.
Some organizations in 2023 may not be ready to deal with ransomware because they struggle to comprehend the risks that come with adopting new technologies in IT.
The survey showed that IT professionals acknowledge the issue of ransomware. In fact, 75% of the respondents expressed their support for a law that would prohibit organizations from paying ransoms. This is an increase from 64% in the previous year’s survey.
64% of respondents in the survey said they had used their incident response plans in the past year. Ferguson noted that it is at least good that they had a plan to use. In fact, 44% of respondents said their company has a comprehensive incident response plan, while another 40% said they have a basic plan.
