Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Axio Research Report: Why Businesses are so Vulnerable to Ransomware

October 20, 2021

On October 19, Axio, a cyber risk management software company, released its 2021 State of Ransomware Preparedness Report, which may be downloaded for free.

The report identifies emerging patterns that yield insights into why organizations are increasingly susceptible to ransomware attacks. The data pinpoints seven key areas where organizations are deficient in implementing and sustaining basic cybersecurity practices:

  • Management of privileged access
  • Basic cyber hygiene
  • Exposure to supply chain risk
  • Network monitoring
  • Incident management
  • Vulnerability management
  • Training and awareness

Most organizations surveyed are not adequately prepared to manage the risk associated with a ransomware attack.

Key data findings:

Nearly 80% of organizations responded that they have not implemented or have only partially implemented a privileged access management solution.

Only 36% of respondents indicated that they audit the use of service accounts, a type of privileged account, on a regular basis.

Only 26% of respondents deny the use of command-line scripting tools (such as PowerShell) by default.

69% of organizations indicated that they do not limit access to the internet for their Windows domain controller hosts.

Only 29% of respondents evaluate the cybersecurity posture of external parties prior to allowing them access to the organization’s network.

Only 50% of respondents conduct user awareness training for employees on email and web-based threats, such as spear-phishing and watering hole attacks, on an annual basis.

I certainly agree that those statistics explain why we are so woefully ill-prepared to deal with the threat of ransomware attacks. Surely, we can do better!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology