Ransomware Attack Study Highlights 9 Important Lessons
Just as forecasters have been predicting, ransomware became one of the biggest global security threats in the workplace in 2016.
Ransomware is malicious software that infects a computer and blocks access to computer files and IT systems until a ransom is paid.
Any business in any region is incredibly vulnerable to a ransomware attack, concluded the State of Ransomware study, which was published in August and surveyed CIOs, CISOs and IT Directors at companies in the US, Canada, UK and Germany.
Ransomware in exploit kits increased 259% in the last five months alone, said a study spokesperson. Also, of the nearly 80% of U.S. companies and 70% of U.K. companies that experienced a cyber attack in the last year, more than half of the incidents were ransomware.
Here are 9 lessons about ransomware that organizations need to know:
- Ransomware attacks can significantly disrupt business operations and productivity. Organizations spent at least 9 hours on remediation in more than 60% of attacks; 63% spent more than one business day trying to fix endpoints. A breach response plan must be in place.
- Healthcare and financial services are heavily targeted. The study showed that both sectors were targeted well above the average ransomware penetration rate of 39%. Every organization must improve security safeguards.
- Hackers use ransomware for fast cash. Almost 60% of attacks demanded over $1,000, over 20% wanted more than $10,000, and 1% asked for over $150,000. U.S. organizations in the study were less likely to pay the ransom than German, U.K. and Canadian organizations. A Trend Micro blogger pointed out that paying the ransom means you are a proven-paying customer – and more ransomware-related spam may result.
- Many workplaces still lack basic ransomware protection. In about half of companies that experienced an attack, ransomware gained access via a desktop computer – “where enterprise security controls and policies would be presumed to be strongest”, pointed out the study.
- Layered defense is part of ransomware security. Over 40% of attacks impacted more than a single endpoint. Layered defense consists of different hardware and software solutions including the latest malware and anti-virus safeguards. Utilize strong detection technologies too.
- Phishing and other social engineering play a big role. Globally, 46% of ransomware attacks originated from email links and attachments. On-going training must include how to understand ransomware threats. Employees should know both prevention and detection strategies.
- A comprehensive document management policy is important. Store information in a secure and digitally isolated location, and back up data regularly. The study showed that restoring endpoints from backups can be an effective method for recovering from a ransomware attack.
- Share ransomware intelligence. In the U.S., the Cybersecurity Information Sharing Act was passed so organizations would share information about cyber threat indicators and defensive measures against cyber attacks.
- Keep only the confidential information that is necessary. Do not stockpile confidential data or hard drives. Securely dispose of all confidential information that is no longer needed. Partner with a document destruction leader that helps protect the workplace with secure hard drive destruction and other services.
Protect your organization by utilizing security best practices in every aspect of document handling.