Ransomware fallout is devastating and could often be avoided, study finds

3 years ago 474

Ransomware victims look tightened budgets, mislaid productivity and different problems. In astir cases, caller post-attack information measures could person prevented the ransomware onslaught if implemented beforehand.

istock-803934282.jpg

Image: Zephyr18, Getty Images/iStockphoto

A study connected the fallout from ransomware attacks performed by Keeper Security finds that astir each companies affected by ransomware noticed a business-wide ripple effect connected budgets, productivity, estimation and information posture. To marque matters worse, Keeper recovered that post-attack information implementations, if successful spot anterior to the ransomware attack, could person prevented astir attacks. 

"The realities of being deed by a ransomware attack, particularly for a smaller company, are overmuch much terrifying than astir radical realize," said Keeper Security CEO and co-founder, Darren Guccione. In its survey of much than 2,000 U.S. professionals, Keeper Security recovered that 93% of respondents noticed budgets tightening successful non-security departments aft a ransom payment, indicating that an full enactment shoulders the load of a palmy ransomware attack.

SEE: Security incidental effect policy (TechRepublic Premium)

As for paying ransoms, the percent really doing truthful whitethorn beryllium higher than previous estimates. Forty-nine percent of respondents said their institution paid the ransom, and 22% decided not to disclose that information, meaning the percent of businesses paying ransoms, which many information experts counsel ne'er to do, could beryllium importantly higher than antecedently thought. 

Business leaders, Keeper Security noted, "feel an unthinkable unit to forestall further malicious question wrong their web arsenic good arsenic to placate customers. Cybercriminals cognize and beryllium connected exploiting this frenzied authorities of mind" to person companies to pay. 

Being labeled a ransomware unfortunate carries a superior stigma, Keeper Security said, starring 15% of organizations not to disclose an onslaught to partners and customers, and 26% not to disclose their victimhood to the public. Attackers number connected this, Keeper said; similar the panic authorities of realizing you're a ransomware victim, the stigma gives attackers different portion of leverage to guarantee a payment. It's understandable that businesses consciousness this way: 64% said they deliberation being a ransomware unfortunate had a antagonistic interaction connected their reputation. 

For each the fearfulness and paranoia ransomware attacks induce, shockingly fewer businesses are taking steps to forestall them, the study found. For starters, 29% of employees said they weren't acquainted with ransomware until their institution became a victim, indicating that there's a startling deficiency of acquisition successful spot to thatch employees to beryllium alert of the hazard and however to forestall it. 

Half of ransomware attacks are triggered by a phishing email, which Keeper Security said "is a frightening denotation of however deficiency of consciousness remains an achilles bottommost for excessively galore organizations."  

The aftermath of a ransomware onslaught is simply a communal clip to instrumentality stricter information practices, which the study recovered 87% of organizations bash arsenic portion of their betterment efforts. Ransomware attackers spell aft low-hanging fruit, Keeper said. Organizations not utilizing multi-factor authentication are communal victims, indicated by the information that 62% instrumentality the practices pursuing a ransomware attack. 

Unfortunately for businesses opting to instrumentality bundle upgrades and caller information features aft a ransomeware attack, doing truthful has a antagonistic interaction connected day-to-day business. Seventy-one percent of respondents said updates impacted their productivity oregon their quality to transportation retired regular tasks, and 64% said they mislaid login credentials oregon important documents arsenic a effect of updates. Of those numbers, Keeper Security said they "further beryllium that the champion clip to instal important information updates is earlier the necessity is demonstrated."

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

Ransomware isn't going anywhere; if anything, attackers are becoming bolder and amended astatine exploiting susceptible companies. According to Keeper Security Chief Revenue Officer Mark Cravotta, galore of those companies tin instrumentality steps to support themselves, yet take not to.

"Given the overwhelming prevalence of these attacks, it's shocking to spot however galore employees are near successful the acheronian until it happens to them. Investing successful cybersecurity measures similar MFA, password absorption solutions and consciousness grooming mightiness look similar an unnecessary expenditure to companies with tighter budgets, but the costs airy successful examination to the ramifications of being the unfortunate of a ransomware attack," said Cravotta.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article