Ransomware attacks, in which cyber criminals encrypt a business's crucial systems and data until a ransom is paid, are now widely seen as the single greatest threat to private and public sector organisations.
This was a key finding of the Cybersecurity Insiders Ransomware 2017 Report, sponsored by Bitdefender, and conducted by Crowd Research Partners, to gather insights, reveal the latest ransomware trends, and provide guidance on addressing the ransomware threat. The report, done in partnership with more than 370 000 members of the Information Security Community on LinkedIn, claims to be the most comprehensive research to date.
The survey revealed that 80% of cyber security professionals view ransomware as a moderate or extreme threat. Another finding revealed that 75% of organisations affected by ransomware have experienced up to five attacks in the last 12 months alone. Twenty-five percent say they experienced six or more attacks, and the overwhelming majority of respondents believe that ransomware will become an even larger threat over the next year.
How attacks are handled
In the aftermath of a ransomware attack, there are several ways in which cyber security practitioners can respond. The most common among those surveyed (81%) is to identify the ransomware strain attacking the company, and contain the damage by isolating and shutting down all infected systems and accounts, removing the malware, and recovery from backup files.
Over three-quarters of respondents (77%) say their business is highly unlikely to pay the ransom in an attempt to recover their data. Only a few said they would be willing to pay a ransom or negotiate with attackers, and 3% of organisations said they have already set up a Bitcoin account in preparation.
However, the report states that the position of refusal to pay is in some measure theoretical, as it is harder to take a principled stand when the survival of an organisation is at stake and jobs are on the line, or when no viable backup is available.
Infection vectors, detection and targets
So how does ransomware infect most companies? According to the report, e-mail and Web use are the most common ransomware infection vectors with employees opening malicious e-mail attachments (73%), responding to a phishing email (54%) or visiting a compromised Web site (28%).
In terms of what is at risk, ransomware actors are mostly after financial data (62%) followed by customer data at 61%. From a solution point of view, the majority of identified ransomware attacks were uncovered through endpoint security tools (83%), e-mail and Web gateways (64%), and intrusion detection systems (46%).
Security teams claim that user awareness training is the most effective way to prevent and block ransomware (77%). For preventative tools, endpoint security solutions were named effective by 73%, and patching of operating systems by 72%.
For response, data backup and recovery came in tops with (74%) saying it is the most effective way to respond to a successful attack, and the vast majority, 96%, confirm they have a data backup and recovery strategy in place.
Defences and recovery
When it came to measuring their organisation's ability to detect and block ransomware attacks before they spread, over half surveyed, (51%), said they are slightly to moderately confident in their ransomware defences, with 8% claiming they are not confident at all. Forty percent are either 'extremely' or 'very' confident in their defence strategies.
Recovering from a ransomware attack quickly is crucial, as business costs soar with every hour the it cannot fully operate. Just over half of those surveyed, 54%, claim they have the ability to recover from a ransomware attack within a day, and 39% estimate it will take up to a few weeks to recover. Only 7% of businesses surveyed believe they would never fully recover.
The main hurdles in the way of stronger ransomware defence are resources and staying abreast of the latest ransomware strains. Just over half (52%) cite lack of budget, 42% claim managing the evolving sophistication of attacks, and 33% say lack of human resources is an issue. On the plus side, 60% of businesses say they expect to receive more budget for ransomware security going forward.
Share