With recent global ransomware outbreaks like WannaCry, NotPetya, and BadRabbit making headline news, it probably comes as no surprise that the number of ransomware attacks is, in fact, on the rise.
To gauge just how serious the threat of ransomware has become, our team at Barkly partnered with Cybersecurity Insiders and Crowd Research Partners to assess the state of ransomware in 2017. Our goal: to determine the risk of infection, and, more importantly, the level of confidence IT and cybersecurity professionals have in their current ransomware defense.
What we found: in many organizations, the level of preparedness is alarmingly below the perceived threat level. Here are some highlights of the most significant findings.
Ransomware threat is huge and growing
Ransomware, one of the fastest-growing security threats affecting organizations of all sizes, is viewed as an extreme or moderate threat by 80% of IT and cybersecurity professionals we polled. In fact, a third reported they had already been the victim of a ransomware attack. Of those, 75% had been hit by as many as five attacks in the last year alone. One-fourth experienced six attacks or more. It’s clear — ransomware has IT and security folks looking over their shoulders for the next attack to hit.
How are these attacks getting in? Through the most common business communication channel: email. Among those infected, malicious email attachments (73%) and phishing emails (54%) were the most common points of entry.
Looking ahead, nearly 80% said they believe ransomware will become an even greater threat, and nearly half said their organization is very or extremely likely to be a target. That’s a sobering outlook from those working hard to protect their company’s network.
Ransomware damage can be devastating
With attacks on the rise, the damages caused by ransomware are expected to exceed $5 billion in 2017 alone, a 15x increase over just two years ago.
That figure actually excludes any ransom payments. In fact, for most organizations, the ransom is a relatively minor concern. More than three-quarters say they’d never even consider paying the ransom. That doesn’t mean they don’t pay a heavy price, however. About 40% of ransomware victims say attacks caused both downtime and productivity loss. Attacks also drove half of companies to shift their IT focus from strategic priorities to mitigation, and 41% increased IT spending as a result.
Of course, none of this takes into account the cost to an organization’s reputation and brand. Nor does it factor in that certain industries (like healthcare) qualify ransomware attacks as data breaches, resulting in potential regulatory fines for noncompliance.
Confidence is wavering
Clearly the threat is very real. Yet, surprisingly, the majority of cybersecurity pros we surveyed (59%) are either not confident at all or only slightly to moderately confident in their ransomware defense. While many do have an incident response team in place, most are relying on anti-malware/antivirus, email and web gateways, and intrusion detection systems to detect ransomware. Since many ransomware attacks leverage sophisticated polymorphic techniques or abuse legitimate software (like Microsoft Office macros or PowerShell) to evade detection, these organizations are not sufficiently protected with file-based approaches.
Similarly, more than half of the cybersecurity experts we heard from lack confidence in their organization’s ability to remediate an infection, although ironically, about the same number think they could recover from a ransomware attack within one day. That speed is likely aspirational considering that 72% of businesses infected with ransomware lost access to their files for at least two days, and one-third lost access for five days or more.
This overall lack of confidence may stem from resource deficiency. Among those we surveyed, 52% indicate lack of budget and 33% indicate lack of human resources are major obstacles in achieving stronger ransomware defense, complicated by the rapidly evolving sophistication of attacks.
Fight ransomware with layered security
Ransomware isn’t going away. If anything, the problem is only becoming more urgent. The good news is there are new endpoint solutions available that make it possible to meet the challenge of ransomware head on.
Combined with a robust backup strategy, these solutions can re-instill an organization’s confidence in its ability to prevent successful infections in the first place. IT and security leaders should investigate their options to determine the right solution for blocking these attacks before they have a chance to cause damage and disruption.
Mike Duffy is CEO and co-founder of Barkly, which specializes in endpoint protection.