CrowdStrike’s fourth Global Security Attitude Survey shows that 63% of organizations are losing trust in legacy vendors like Microsoft; 96% of organizations that paid a ransom were charged additional extortion fees

SUNNYVALE, California, December 07, 2021– (BUSINESS WIRE) –CrowdStrike, Inc. (Nasdaq: CRWD), a leading provider of cloud-based protection of endpoints, cloud workloads, identities and data, today announced the release of the 2021 CrowdStrike Global Security Attitude Survey, carried out by an independent research company Vanson Bourne. The report highlights that ransomware payout claims and extortion fees are skyrocketing, while trust in legacy IT vendors has fallen and businesses are actually slowing down to detect cybersecurity incidents.

“The survey provides an alarming picture of the modern threat landscape and shows that adversaries continue to exploit organizations around the world and circumvent outdated technology. Today’s threat environment is costing businesses around the world millions of dollars and creating additional impact, ”said Michael Sentonas. Chief Technology Officer at CrowdStrike. “The evolving remote workspace certainly exacerbates the challenges facing businesses as legacy software like Microsoft struggles to keep up in today’s accelerated digital world.”

“This represents a clear call for companies to change the way they work and to be more rigorous in evaluating the suppliers they work with,” added Sentonas. “The threat landscape is evolving at a terrifying pace, and it is evident that modern organizations need a cloud-native, end-to-end, end-to-end platform approach to quickly address and remediate threats.”

Customers are faced with a crisis of confidence in legacy vendors as attacks on the software supply chain continue to pose challenges
Recent attacks like Sunburst and Kaseya have once again pushed supply chain attacks to the fore, as evidenced by 63% of respondents who admit their company is losing trust in older vendors like Microsoft due to frequent security incidents against these previously trusted technology providers.

The problem is so widespread that more than 3 in 4 respondents (77%) have suffered a supply chain attack. It is clear that companies looking to increase their cyber resilience need quick action and newer technology.

  • 45% of respondents had experienced at least one supply chain attack in the past 12 months.

  • 64% of respondents cannot claim that all of their software suppliers have been reviewed in the past twelve months

  • 84% of respondents fear that supply chain attacks will become one of the top cybersecurity threats in the next three years

Ransomware remains a persistent and widespread threat that costs businesses almost $ 2 million on average
Survey data shows ransomware attacks continue to prove effective, with average ransomware payments increasing 62.7% in 2021 (from $ 1.1 million in 2020 to $ 1.79 million in Year 2021). In addition, organizations are hit by “double blackmail” almost everywhere when threat actors not only demand a ransom for decrypting data, but threaten to divulge or sell the data unless the victims pay more. Survey data shows that 96% of businesses that paid a ransom were forced to pay additional extortion fees, which cost businesses an average of $ 792,493. Other notable results are the following:

  • 66% of respondents’ businesses have suffered at least one ransomware attack in the past 12 months

  • More than half (57%) of companies lacked a comprehensive ransomware defense strategy

  • The average ransomware payment was $ 1.34 million in EMEA and $ 2.35 million in APAC and $ 1.55 million in the US

  • The average ransom payment increased by 63% in 2021 to $ 1.79 million (USD) compared to $ 1.10 million (USD) in 2020. CrowdStrike Intelligence found that the average ransom note from attackers is $ 6 million. Even though attackers aren’t getting quite the amounts they’re looking for, they are still making massive payouts. CrowdStrike attributes this to companies understanding both the threat and its exposure and having their ability to negotiate with attackers.

Businesses are going in the wrong direction when it comes to detection and response time
CrowdStrike encourages organizations to make an effort to get the 1-10-60 rulewhere security teams demonstrate the ability to detect threats within the first minute of a break-in, investigate and understand the threat within 10 minutes, and contain and eliminate the threat within 60 minutes. In today’s remote-first-digital world, companies continue to face massive challenges in detecting security incidents, as evidenced by insightful survey data.

  • On average, respondents estimated that it would take time 146 hours to detect a cybersecurity incident from 117 Hours in 2020.

  • Once recognized, organizations are needed 11 hours detect, investigate and understand a security incident, and 16 hours contain and fix one

  • 69% of respondents said their company had an incident because employees were working remotely

By doing Threat Hunt Report 2021, CrowdStrikes falcon Overwatch reported that eCrime threat actors were able to move sideways through an organization’s network in an average of 92 minutes. This represents a sharp contrast between the capabilities of today’s fast-paced attackers and defenders, who are increasingly being thwarted by high levels of alerts and tools without built-in workflows. Only CrowdStrike offers customers the powerful combination of world-class technology combined with world-class threat hunting and human expertise necessary to detect and stop today’s most sophisticated threats.

For additional information, please read the following:

CrowdStrike hired independent technology market research specialist Vanson Bourne to carry out the quantitative study on which this white paper is based. In September, October and November 2021, a total of 2,200 high-level IT decision-makers and IT security experts were interviewed, who were represented in the USA, EMEA and APAC regions.

About Vanson Bourne:
Vanson Bourne is an independent technology market research specialist. Their reputation for robust and credible research-based analysis is built on rigorous research principles and their ability to seek the opinions of high-level decision makers in all technical and business functions in all business areas and in all major markets. For more information visit:

About CrowdStrike
CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a global leader in cybersecurity, is redefining security for the cloud age with an endpoint and workload protection platform from the ground up to stop security breaches. The CrowdStrike Falcon® platform’s single lightweight agent architecture leverages artificial intelligence (AI) on a cloud scale to provide real-time protection and visibility across the enterprise, preventing attacks on endpoints and workloads inside or outside the network. Based on the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon collects approximately 1 billion high-fidelity signals in real time from around the world every day, driving one of the world’s most advanced data platforms for security.

With CrowdStrike, customers benefit from better protection, better performance, and instant value creation from the cloud-native Falcon platform.

At CrowdStrike there is only one thing to keep in mind: We stop violations.

Qualified organizations can get full access to Falcon Prevent ™ by starting a free trial.

Learn more:

Follow us: Blog | Twitter

© 2021 CrowdStrike, Inc. All rights reserved. CrowdStrike, the Falcon Logo, CrowdStrike Falcon, and CrowdStrike Threat Graph are trademarks owned by CrowdStrike, Inc. and are registered in the US Patent and Trademark Office and in other countries. CrowdStrike owns other trademarks and service marks and may use third party marks to identify their products and services.

View source version on


Kevin Benacci
CrowdStrike corporate communications

Source link
#survey #shows #growing #crisis #confidence #among #Microsoft #legacy #providers

Leave a Reply