Organizations unprepared for the ransomware onslaught
A new study shows that companies and government agencies are being overwhelmed by frequent, severe ransomware attacks that have become the number one threat organizations face.
"In many respects, ransomware is a game changer. It is incredibly easy and inexpensive for cyber criminals to execute highly profitable attacks on a global scale," says Holger Schulze, CEO and founder of Cybersecurity Insiders. "Many organizations are alarmingly unprepared for the ransomware onslaught. We predict the ransomware problem will get significantly worse -- with damages to the US economy exceeding $6 billion in 2017 alone."
Detailed findings from the survey include ransomware now being the fastest growing security issue, seen as a moderate or extreme threat by 80 percent of cyber security professionals. 75 percent of organizations affected by ransomware have experienced up to five attacks in the last 12 months alone with 25 percent suffering six or more attacks.
Email and web use represent the most common sources of ransomware infection, with employees opening malicious email attachments (73 percent), responding to a phishing email (54 percent) or visiting a compromised website (28 percent).
The majority of identified ransomware attacks are detected through endpoint security tools (83 percent), email and web gateways (64 percent), and intrusion detection systems (46 percent).
Security professionals rank user awareness training the most effective tactic to prevent and block ransomware (77 percent) followed by endpoint security solutions (73 percent), and patching of operating systems (72 percent) as preventive approaches.
Only a small fraction of respondents (three percent) say they would pay the ransom or negotiate with the attackers. A majority (51 percent) say they could recover from a successful ransomware attack within a day, while 39 percent estimate it would take more than one day to a few weeks to recover.
You can get the full report from the Cybersecurity Insiders website.