Mid-market organizations hardest hit by ransomware

Mid-market organizations -- those with 1,000-5,000 employees -- have been hit the hardest with ransomware in 2017, with 29 percent experiencing a ransomware attack, according to a new report.

Security awareness training company KnowBe4 has released its 2018 Threat Impact and Endpoint Protection Report which shows organizations in manufacturing, technology and consumer-focused industries experienced the most ransomware attacks.

On average, 16 workstations, 5 servers and 22 users within an organization were affected in any given attack with an average downtime of 14 hours. The organizations suffering the most downtime hours were again mid-market and enterprise (5000+ employees) organizations.

The more critical the data is to an organization, the higher likelihood of the ransom being paid. 97 percent of organizations say that ransomware encryption impacted common Office-type files which included critical, sensitive and proprietary data. While most organizations don’t pay the ransom, the ransoms ranged from $500 to $1 Million. Most bitcoin-related ransoms were 1-3 bitcoins, ranging from $600 to $11,000.

Organizations are, however, realizing the value in maintaining backup copies of their data, with 61 percent recovering server data from backups and 35 percent recovering workstation data from backups following an attack.

"While ransomware attacks are becoming more and more sophisticated, they are preventable. As the report shows, endpoint protection solutions help protect against a material percentage of malware, but don't actually put a stop to the threat," says Stu Sjouwerman, CEO of KnowBe4. "It's only by adding continual testing and training of employees that organizations create their strongest security posture and see a material decrease in both ransomware and external malware attacks. This shows a well-implemented security awareness training program makes an organization much less susceptible to an attack. As these threats continue to grow, it's imperative that organizations mobilize their last line of defense -- their employees -- to help protect against this threat."

The full report along with recommendations for improving security is available from the KnowBe4 website.

Photo Credit: LeoWolfert/Shutterstock