Businesses fall victim to ransomware despite precautions
According to a new survey of 200 decision makers in businesses that had suffered a ransomware attack since 2019, more than half of victims had received anti-phishing training and 49 percent had perimeter defenses in place at the time of attack.
The study conducted by Sapio Research for Cloudian finds that phishing continues to be one of the easiest paths for ransomware, with 24 percent of attacks starting this way. Phishing succeeds despite the fact that 54 percent of all respondents and 65 percent of those that reported it as the entry point have conducted anti-phishing training for employees.
The public cloud is the most common point of entry for ransomware, with 31 percent of respondents being attacked this way. One an attack is under way things happen quickly, 56 percent of survey respondents report that attackers were able to take control of their data and demand a ransom within just 12 hours, and another 30 percent say it happened within 24 hours.
The cost of attacks is high too, average ransom -- for those who paid- - was $223,000, with 14 percent paying $500,000 or more. That's not the only expense though, respondents spent an average of $183,000 more for other costs resulting from the attack.
Cyber insurance covered only about 60 percent of the ransomware payment and other costs. What's more despite paying a ransom, only 57 percent of respondents got all their data back.
"The threat of ransomware will continue to plague organizations around the world if they do not change their approach and response to it," says Jon Toor, chief marketing officer at Cloudian. "Cyberattacks can penetrate even the most robust defenses, so it’s critical that organizations prioritize being able to recover quickly from an attack. The best way to do so is to have an immutable backup copy of your data, which prevents hackers from encrypting or deleting the data for a specified period of time. As a result, organizations can recover an unencrypted copy of their data in the event of an attack without having to pay the ransom."
The full report is available from the Cloudian site.