Ransomware is one of the fastest growing cybersecurity threats, evidenced by the fact almost half of all cybersecurity decision makers polled for a Vanson Bourne survey reported their organizations had been hit by at least one ransomware attack in the last year. Disturbingly the average victim hit six times.
Common security safeguards such as email filtering, firewalls, and security awareness training still might not be enough to stop cybercriminals, according to a Barkly study, which found 95 percent of ransomware attacks are able to bypass firewalls; 77 percent successfully bypass email filtering; and one-third of all attacks were successful even when the victims had completed security awareness training.
Now, a Carbonite report has found the majority of businesses are not prepared to face a ransomware attack. Rise of Ransomware details the scale and prevalence of ransomware in America with Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, saying, “This study reveals a startling prevention gap: most businesses are either underprepared for an attack — or even worse — underestimate the risk ransomware places on their broader organizations.”
- almost half (48 percent) paid the ransomware requested when attacked
- the average ransom request is $2,500
- 68 percent reported their company is “very vulnerable” or “vulnerable” to a ransomware attack
- 13 percent rated their preparedness for a ransomware attack as “high”
- 27 percent of respondents are confident their current antivirus software will protect their company from ransomware
According to the data, ransomware risks are significant. The primary losses businesses suffer include financial losses; extended consequences including investment in new technologies, lost customers, and lost revenue due to downtime; data exfiltration; and reputational risk.
“Ransomware will continue to outpace the rate at which businesses can defend against it,” said Norman Guadagno, chief evangelist at Carbonite. “If businesses take one insight away from this research, it is that you are not alone in feeling vulnerable to ransomware attacks. Now is the time to act: educate staff on simple measures you can take to avoid an attack and update your data protection measures now, before it’s too late.”