Regardless of size or industry, every organisation has the potential to become a victim of ransomware, according to a security awareness training and simulated phishing provider. The widespread, opportunistic nature of many attacks, mixed with an improvement in phishing-based social engineering, has led cybercriminal organisations to take the “shotgun” approach, targeting every business for whatever ransom can be paid, it’s claimed.
KnowBe4 surveyed more than 500 organisations around the globe to determine the impact a ransomware attack has on an organisation, including who is at risk, what is being held for ransom, what does it take to remediate and how does it impact the overall organisation. Midmarket organisations (1,000 to 5,000 employees) were hit the hardest with ransomware in 2017, with 29pc of those surveyed indicating they experienced a ransomware attack. Organisations in manufacturing, technology and consumer-focused industries experienced the most ransomware attacks. As for impact on productivity: on average, 16 workstations, five servers and 22 users within an organisation were affected in a given attack with an average downtime of 14 hours.
While most organisations do not pay the ransom, the ransoms ranged from $500 to $1m (US dollars). Most bitcoin-related ransoms were one to three bitcoins, ranging from $600 to $11,000.
Stu Sjouwerman, CEO of KnowBe4 said: “While ransomware attacks are becoming more and more sophisticated, they are preventable. As the report shows, endpoint protection solutions help protect against a material percentage of malware, but don’t actually put a stop to the threat.
“It’s only by adding continual testing and training of employees that organisations create their strongest security posture and see a material decrease in both ransomware and external malware attacks. This shows a well-implemented security awareness training program makes an organisation much less susceptible to an attack. As these threats continue to grow, it’s imperative that organisations mobilise their last line of defence – their employees – to help protect against this threat.”
To view the report visit the KnowBe4 website.
