New Axio Research Report Illustrates Glaring Deficiencies in Cybersecurity Hygiene Leaving Organizations Exposed to Ransomware

NEW YORK--(BUSINESS WIRE)--Axio, the leader in cyber risk management software, today released its 2021 State of Ransomware Preparedness research report. The report reveals that organizations are not equipped to defend against ransomware due to deficiencies in implementing and sustaining basic cybersecurity practices, including managing privileged administrator credentials and ensuring visibility of supply chain risk.

“Ransomware is everywhere, dominating headlines, corporate board meetings and even the Biden administration’s agenda,” remarked the report’s co-author David White, President and Co-Founder of Axio. “And with high-visibility attacks continuing to unfold, companies more than ever require ransomware readiness measures in place to protect against a cyber catastrophe. As we learned from the much-publicized Colonial Pipeline attack—which raised national awareness about critical infrastructure susceptibility to ransomware—these attacks can cause widespread societal disruption and economic damage.”

The report identifies several emerging patterns that yield insights into why organizations are increasingly susceptible to ransomware attacks. The data pinpoints seven key areas where organizations are deficient in implementing and sustaining basic cybersecurity practices:

• Management of privileged access
• Basic cyber hygiene
• Exposure to supply chain risk
• Network monitoring
• Incident management
• Vulnerability management
• Training and awareness

Overall, most organizations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:

• Nearly 80% of organizations responded that they have not implemented or have only partially implemented a privileged access management solution.
• Only 36% of respondents indicated that they audit the use of service accounts, a type of privileged account, on a regular basis.
• Only 26% of respondents deny the use of command-line scripting tools (such as PowerShell) by default.
• 69% of organizations indicated that they do not limit access to the internet for their Windows domain controller hosts.
• Only 29% of respondents evaluate the cybersecurity posture of external parties prior to allowing them access to the organization’s network.
• Only 50% of respondents conduct user awareness training for employees on email and web-based threats, such as spear-phishing and watering hole attacks, on an annual basis.

“As ransomware techniques continue to become more sophisticated and readily available, the threat to organizations, regardless of size or industry, increases,” stated Scott Kannry, CEO and Co-Founder of Axio. “Companies need to take a proactive approach to ransomware by evaluating and identifying gaps in their cybersecurity posture. Our research clearly illustrates that some improvements in ransomware defense may be directly attainable by re-committing to improving basic cyber hygiene. Axio is committed to helping organizations take a proactive approach by identifying and quantifying cybersecurity risks, including growing threats like ransomware. The key is to be ready.”

To learn more, please download a complimentary copy of the report.

About Axio

Axio is the leader in SaaS-based risk management software, which empowers security leaders to build and optimize security programs and quantify risk for better investment prioritization and decision-making. Since 2013, Axio has been a trusted partner of the world’s leading critical infrastructure, manufacturing, and financial services organizations. Axio360 is the only risk management platform designed to align security leaders, business leaders, executives, and Boards of Directors around a common set of benchmarks, performance metrics, and shared understanding of the most critical corporate risks.