Businesses need to focus on the basics to defend against ransomware

A new whitepaper released today by O'Reilly and based on a survey of tech professionals experiences of ransomware concludes that basic security practices like backups are key to surviving an attack.

Of 950 respondents to the study only six percent had experienced a ransomware attack directly in the organization they work for and, by and large, these organizations have strong security measures in place.

However, while 70 percent report that their companies regularly perform backups, less than half (48 percent) say that their company regularly practices restoring from backups, signaling a lack of preparedness in the event of a ransomware attack.

In addition 79 percent of survey respondents say that their company has processes for updating critical software, including browsers. 76 percent of respondents say that their company uses two-factor or multi-factor authentication, while 14 percent are unsure. 60 percent of respondents are confident that their organization has enough of a focus on security to defend against a ransomware attack; while 28 percent think 'maybe', and 12 percent say 'no.'

"Whether or not they pay, ransomware victims frequently face revictimization because they never fix the vulnerability that allowed the ransomware in the first place," says Mike Loukides, vice president of content strategy at O'Reilly, writing on the company's blog. "So they pay the ransom, and a few months later, they’re attacked again, using the same vulnerability. The attack may come from the same people or it may come from someone else. Like any other business, an attacker wants to maximize its profits, and that might mean selling the information they used to compromise your systems to other ransomware outfits. If you become a victim, take that as a very serious warning. Don't think that the story is over when you've restored your systems."

You can read more on the O'Reilly site.

Photo Credit: Carlos Amarillo/Shutterstock