Attacks and payments are down -- but don't write off ransomware yet
A quarter of US organizations were victims of ransomware attacks over the past 12 months, a steep 61 percent decline over the previous year when 64 percent fell victim.
In addition a new report from Delinea finds that the number of targeted companies who paid the ransom declined from 82 percent to 68 percent, which could be a sign that warnings and recommendations from the FBI to not pay ransoms are being heeded.
Based on a survey of 300 US-based IT decision makers, conducted by Censuswide, the report shows that larger companies are much more likely to be victims of ransomware, as 56 percent of those with 100 or more employees say they were victims of ransomware attacks.
However, the survey also raises concerns that a potentially reduced threat could lead to complacency. Budget allocations for ransomware are in decline, as only 68 percent of those surveyed say they are currently allocating budget to protect against ransomware compared to 93 percent the prior year. The number of companies with incident response plans in place has also declined from 94 percent to 71 percent, and only half are taking proactive, proven steps to prevent ransomware attacks such as enforcing password best practices (51 percent) and using multi-factor authentication (50 percent).
"The reduction of ransomware attacks is an encouraging sign, but organizations need to make sure they keep their guard up against this constant, evolving threat," says Art Gilliland, CEO of Delinea. "Staying vigilant by maintaining a strong least privilege approach backed by stronger password protection, authentication enforcement, and access controls can help continue this downward trend."
The report also looks at the tangible effects of attacks with more respondents saying that their companies lost revenue (56 percent) and customers (50 percent) compared to the previous year. Fewer organizations (43 percent) report reputational damage as a result of being victims of a ransomware attack.
The full report is available from the Delinea site.