Businesses would be less likely to pay ransoms if payments had to be reported
A new report finds that although 37 percent of respondents would pay a ransom, more than half of this group (57 percent) would reverse that decision if they had to publicly report the payment.
The Ransomware Disclosure Act, a bill currently before the US Senate, would require companies to report ransomware payments within 48 hours and so could have a dampening effect on the crime's profitability.
The study by machine identity company Venafi of over 1,500 IT security decision makers also finds that 60 percent believe ransomware threats should be prioritized at the same level as terrorism. 22 percent of those surveyed believe paying a ransom to be 'morally wrong.'
More than two thirds (67 percent) of respondents from organizations with more than 500 employees say they experienced a ransomware attack over the last 12 months -- a figure that rises to 80 percent for respondents from organizations with 3,000-4,999 employees.
Despite the number of attacks 77 percent say they are confident the tools they have in place will protect them from ransomware attacks. Australian IT decision makers have the most confidence in their tools (88 percent), compared with 71 percent in the US and 70 percent in Germany.
"The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know -- these attacks are indiscriminate, debilitating and embarrassing," says Kevin Bocek, vice president ecosystem and threat intelligence at Venafi. "Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks. Too many organizations say they rely on traditional security controls like VPNs and vulnerability scanning instead of modern security controls, like code signing, that are built into security and development processes."
You can find out more on the Venafi blog.