SURVEY: Is SA a prime ransomware target?
ITWeb, in partnership with KnowBe4, conducted a survey on ransomware earlier this year, to gain a better understanding of how South African organisations have been impacted by and are responding to the ransomware threat.
The survey found that an overwhelming 85% of respondents are concerned about ransomware.
Interestingly, 67% of respondents say they wouldn’t pay a ransom to get their data back. The reasons given include they are prepared for an attack and because paying the ransom doesn’t guarantee a decryption key and it would further encourage attackers. A further 19 % said it would depend on the impact on business continuity and type of data exfiltrated. Five percent said they’d pay a ransom.
Collard says, “When compared to any other direct marketing initiatives, a five percent success rate is a relatively high ‘hit-rate’. This should be very concerning as it shows how lucrative extortion crimes are.”
Survey respondents were asked what concerned them most about the ransomware threat. Business disruption topped the list of concerns, followed by loss of data, brand/ reputational damage and regulatory impact and/or fines.
Ransomware is covered as a threat within their general IT risk management and security strategy, according to 67% of respondents, while 20% don’t have a ransomware protection strategy in place.
“As the recent onslaught of ransomware attacks against both public and private organisations in South Africa shows, cybercriminals have identified this country as an attractive target market, and businesses need to do more to equip themselves against this threat,” says Collard.
Asked how well prepared their organisation was for a ransomware attack, 28% were well prepared, 36% were prepared, 21% were somewhat prepared and 8% said they should be more prepared.
...cybercriminals have identified SA as an attractive target market.
Seven percent said they weren’t prepared for a ransomware attack. The top three countermeasures considered most effective in stopping ransomware are: security awareness training, endpoint protection and email scanning.
While 63% of respondents said they hadn’t experienced a ransomware attack in the past, 13% of those who said yes, had multiple incidents. Over a quarter (27%) of those who said yes said social engineering was the root cause that allowed ransomware to gain an initial foothold in their environment. Sixteen percent blamed unpatched software, 11% misconfiguration and 8% listed password issues as the root cause.
In financial terms, 24% of respondents said the impact of the ransomware attack had exceeded R1-million, 5% said it was over R500 000, 14% said between R100 000 and R499 000 and another 5% said it was under R100 000. Over a third (37%) of respondents don’t have cyber insurance against ransomware, while 41% have cyber insurance that covers the organisation in the event of a ransomware attack.
"...as developed nations clamp down on cyber criminals, the same criminals will shift their attention towards the emerging economies, making South Africa a more attractive target."Anna Collard, KnowBe4
Encryption of data was reported by 60% of respondents who had suffered a ransomware attack, 13% experienced encryption and exfiltration of data while 15% experienced all of the aforementioned as well as a DDoS attack. Only 2% report paying the ransom – 38% recovered from backup and notified customers.
“This survey confirms other reports that the most common initial access vectors are social engineering, Microsoft Remote Desktop Protocol (RDP), unpatched software and password attacks,” says Collard. “It makes sense to prioritise controls that address these attack vectors. Furthermore, organisations need to proactively plan for the worst case scenario and include the event of a ransomware attack in their incident response process.
“Worse than the actual direct financial costs are the long-term reputational impacts such as the potential loss of investor confidence in South Africa. This country has a fairly high digital dependency and as developed nations clamp down on cyber criminals, the same criminals will shift their attention towards the emerging economies, making South Africa a more attractive target. The only way we can combat this threat is by working together and fostering more collaboration between public and private sectors,” she concludes.