Enterprises Reveal the Effects of Ransomware
New survey unlocks common questions about the challenges organizations face when it comes to ransomware.
By: David Puzas
If your organization has not been a victim of a ransomware attack, don't celebrate yet. More than half of the respondents to a recent ransomware defense survey expect they are likely to be a target in 2017.
In a survey conducted in fall 2016, 36 percent of security leaders surveyed said their organizations had been victims of ransomware in the past year, and 57 percent said they are more likely to be a ransomware target this year. With the rise in Ransomware-as-a-Service (RaaS), that could be accurate. The RaaS business model lets anyone do business with a ransomware creator, and the distributor – which could be anyone, including you or me if we wish – partners with the creator and shares a percentage of the ransom.
Although criminals don't always act on their promises, employees are much more trusting, which is why they often click on links and attachments that end up being malware. Survey respondents said the most popular ways ransomware typically tries to enter their organizations are via email attachments (78%), users visiting compromised websites (48%), and malvertisements (36%). Respondents estimated that the total cost of a ransomware infection—from detection to mitigation to business impact—was $500 to $1 million or more.
Only 21 percent of respondents said they are extremely confident in the capability of their own organization's defenses to detect malware on endpoint devices before it spreads from workstations and infects critical files via file-share, while 62 percent said they are somewhat confident, and 17 percent said they are not at all confident. Although 79 percent of survey respondents acknowledged that their current anti-malware solution is not completely effective at protecting their organization from ransomware, only 4 percent of respondents said ransomware has caused their organization to consider replacing its existing AV/endpoint security solution.
If that makes you scratch your head, think about this: Three-quarters of survey respondents said ransomware is a significant business threat, yet only 56 percent said they have a ransomware response plan in place. Not even half of respondents (48%) said they believe their organizations are average at best when it comes to detecting or blocking ransomware before it locks or encrypts data in their systems. Clearly there are problems that need fixing.
On the upside, respondents said that to combat ransomware they rely on data backup and recovery (78%), user awareness (72%), and email and web gateways (65%). Using an offline system to back up critical data daily and testing your ability to retrieve that backup data should be part of everyone's security process.
Looking ahead at 2017, 82 percent of respondents said they believe ransomware will be a larger threat to organizations globally, and 97 percent predicted they would have the same or increased budget as that in 2016 to fight ransomware. Relying on the same old methods to prevent new attack vectors that pass right through current protections will allow ransomware into your network.
To learn how to detect and block ransomware, see our next post, "Bolstering Defenses to Block Ransomware."
View the 2017 Ransomware Defense survey in its entirety, and find answers to questions such as the following:
- Should organizations simply pay the ransom when they detect ransomware that has maliciously impacted their systems?
- How do you assess your organization's current ability to either block or detect ransomware before it locks or encrypts data within your systems?
- How quickly is ransomware typically detected when it attempts to enter your organization?