Survey shows declining trust in IT vendors like Microsoft

[German]It has been a gut feeling of mine that Microsoft in particular is somehow on a downward spiral in terms of product quality and security. Constant bugs and problems after updates, and an increasing number of successful cyber attacks on Microsoft products speak a clear language. Now, the CrowdStrike Global Security Attitude Survey 2021 confirms this impression that trust in established IT vendors like Microsoft is declining.

The survey of IT decision-makers, conducted by research firm Vanson Bourne, shows that ransomware payment demands and extortion fees are on the massive rise. 100% of the German companies surveyed that have paid ransom have also been blackmailed with further demands for money to prevent captured data from being published or resold. In turn, corporate trust in established IT vendors like Microsoft is dropping significantly, with 68% of [German] companies losing trust in traditional vendors like Microsoft.

I received the survey results from CrowdStrike Inc this week. That's a cloud-based endpoint and workload protection provider that had the Global Security Attitude Survey 2021 conducted by independent research firm Vanson Bourne. I found the information (see here) quite interesting, so I'm providing the key messages on the blog. Michael Sentonas, Chief Technology Officer at CrowdStrike, told me:

The study draws an alarming picture of the modern threat landscape and shows that attackers continue to exploit vulnerabilities in outdated technologies to prey on businesses worldwide. Today's threat landscape is costing organizations around the world millions of dollars and causing additional damage. The increasingly prevalent remote workplace poses greater challenges to enterprises as legacy software from vendors like Microsoft struggles to keep up in today's accelerated digital world.

This is a clear call for enterprises to rethink the way they work and more rigorously vet the vendors they work with. The threat landscape continues to evolve at a frightening pace, and it's clear that modern enterprises need a cloud-native, holistic end-to-end platform approach to quickly address and remediate threats.

Customers face a crisis of confidence in incumbent vendors as attacks on the software supply chain remain a challenge. That's according to the survey of corporate IT decision makers.

(Source: Pexels Markus Spiske CC0 Lizense)

User crisis of confidence in IT vendors

Recent attacks such as Sunburst and Kaseya have once again brought the issue of supply chain attacks to the forefront. Sixty-eight percent of German respondents admitted that their company has lost trust in established vendors such as Microsoft because of recurring security incidents involving these formerly trusted technology providers.

The problem is so widespread that nearly three-quarters of German respondents (74%) have already been affected by a supply chain attack, according to the survey. It's clear that companies looking to increase their cyber resilience need quick action and newer technologies. Because:

• 45 percent of German respondents have experienced at least one supply chain attack in the last 12 months.
• 60 percent of German respondents cannot confirm that all of their software suppliers have been audited in the last 12 months.
• 76 percent of German respondents fear that supply chain attacks will become one of the biggest cybersecurity threats in the next three years.

Ransomware infections are a particular problem, costing German companies an average of nearly $1.5 million.

I only have figured for German companies, but the report shall show similar data for other countries.

Ransomware attacks causes large costs

Survey data suggests that ransomware attacks continue to prove effective. In the process, German average ransomware payments increased by 26.6 percent in 2021 (from $1.09 million in 2020 to $1.38 million in 2021).

German companies are also affected by so-called "double extortion" – attackers not only demand a ransom for the decryption of data, but also further sums for not passing on or selling the captured data. The latest survey data shows that 100% of German companies that paid a ransom were forced to pay an average of $542,593 in additional extortion fees. Here are some more findings from the survey:

• Fifty-eight percent of German companies surveyed have been affected by at least one ransomware attack in the past 12 months.
• Nearly two-thirds (61%) of companies here did not have a comprehensive ransomware defense strategy in place.
• The average ransomware payment was $1.34 million in EMEA and $2.35 million in APAC. 
• The global average ransomware payment increased 63 percent to $1.79 million in 2021, up from $1.10 million in 2020.

CrowdStrike Intelligence observed that the average ransom demand from attackers is $6 million. Even if attackers do not receive the full sums demanded, they still make large profits. CrowdStrike attributes this to companies' understanding of both the threat and their exposure, and their ability to negotiate with attackers.

Are companies well positioned?

CrowdStrike thinks companies are moving in the wrong direction when it comes to detection and response time. The security vendor encourages companies to comply with the 1-10-60 rule. Under this rule, security teams must be able to,

• Detect security breaches within one minute,
• investigate and understand them within 10 minutes,
• and contain and remediate them within 60 minutes.

In today's digital world, where remote access (remote attacks) are top of mind, organizations continue to face significant challenges in detecting security incidents, survey data shows:

• On average, respondents worldwide estimated it would take 146 hours to detect a cybersecurity incident, down from 117 hours in 2020.
  German companies estimated it would take them 120 hours to detect a cyber incident, which is slightly slower than the 111 hours reported last year. 
• Once discovered, it takes companies 11 hours to classify, investigate and understand a security incident and 16 hours to contain and remediate it.
• German companies estimated that it takes them 8 hours to classify, investigate and understand a security incident and 15 hours to contain and remediate it.
• Seventy percent of German companies surveyed said their company suffered a security incident because employees were mobile (69% global average).

Within the Threat Hunting Report 2021 reports CrowdStrike's Falcon OverWatch  that eCrime actors are able to move laterally across an organization's network in an average of 92 minutes. This presents a sharp contrast between the capabilities of today's fast attackers and defenders, who are increasingly slowed by large volumes of alerts and tools without integrated workflows. Not a good outlook, I'd guess.

CrowdStrike commissioned independent technology market research specialist Vanson Bourne to conduct the quantitative research on which this whitepaper is based. A total of 2,200 senior IT decision makers and IT security professionals were surveyed in the US, EMEA and APAC regions in September, October and November 2021. Unless otherwise stated, the results discussed refer to the responses of German respondents (200 in total).