Executive Summary
- A new report from Delinea found 92% of breached organizations believe the incident was preventable with stronger security.
- Ransomware attacks affected 76% of organizations in the past year, with compromised credentials (69%) being the top attack vector.
- Of the breached organizations that had Privileged Access Management (PAM) controls in place, 60% still suffered a breach originating from a compromised privileged account.
- A growing number of organizations (40%) are refusing to pay ransoms after an attack.
- Over half of the organizations that suffered a breach subsequently increased their cybersecurity budgets.
A new report has revealed that an overwhelming 92% of organizations that suffered a cyberattack believe the incident could have been prevented with stronger security measures and improved cyber hygiene. The findings, published in the 2024 State of Ransomware & Exfiltration Report by cybersecurity firm Delinea, highlight persistent vulnerabilities despite increased awareness of cyber threats.
Key Attack Vectors Identified
The study, which surveyed over 300 IT and security decision-makers in the United States, found that ransomware attacks continue to rise, affecting 76% of organizations in the past 12 months, an increase from 66% the previous year. The most common entry points for these attacks were identified as compromised credentials, cited by 69% of respondents, and phishing, noted by 57%. This underscores the critical role of identity and access security in an organization’s defense strategy.
Effectiveness of Security Measures Questioned
While 75% of the breached organizations had some form of Privileged Access Management (PAM) controls in place, the report indicates significant gaps in implementation. A notable 60% of these organizations still experienced a breach originating from a compromised privileged account, suggesting that existing security tools are often not configured or utilized to their full potential.
Shifting Responses to Ransom Demands
The report also points to a shift in how companies respond to ransom demands. A significant 40% of organizations that fell victim to ransomware did not pay the ransom, a substantial increase from previous periods. Furthermore, the financial and operational impact of these breaches has prompted action, with 53% of organizations increasing their cybersecurity budgets following an incident. The study suggests a growing trend of resilience and a refusal to negotiate with cybercriminals, coupled with a renewed focus on bolstering preventative security measures.
