How Good are Organizations to Counter Ransomware Threat?
When WannaCry and Petya created the furor in the online world last year, a lot of the digital community was helpless and had no idea how to deal with it.
Everybody knows the harm a ransomware can do and the potential it carries to disrupt a process. Despite all these facts, some organization has not learned the danger and the importance of security. They are still clueless, how one day due to their carelessness; their entire business can be held at ransom by a few guys sitting across the continent.
Sophos commissioned a survey to study and understand the scope of the threat that a ransomware can have on the organization. It was found that endpoint security is still a matter to be taken seriously. There is a thin line between the security and hackers.
The survey was carried out in the organization that had more than 1000 employees in size, and other organization which had more than 100+ employees. The findings as below:
- 54% organization revealed they had no dedicated ransomware protection in place
- A 31% of respondents stated that they expect that someday they will be the victim of ransomware.
- Nearly 54% were hit by ransomware last year at an average of 2 attacks per organization.
- The affected organization had to shed around $133k – including the money paid as ransom and the cost of fixing the infrastructure.
- Nearly 77% of organizations had things covered and secured at the time of ransomware attack.
A general perception is that it only matters to them when they face it, so unless they are not attacked they will not learn the lesson. On the contrary, if we look at the survey results, ransomware rejects these findings, because the survey it shows how some organization was attacked twice. So it clearly shows that such organization is likely to fall prey again if ransomware is to unleash again.
Some industries think their business makes no significant difference to ransomware and they may not be attacked, and they themselves don’t give much emphasis to this threat. We have seen how Healthcare (75%), professional services, retailers, the utility company was the hardest to be hit.
The blame game is easy after the attack, but it makes no sense talking about vulnerabilities after you have lost the race. It is always a question of your dedication as to why you never thought it right to fix the patches and update the system.
But, going by that theory and as the survey suggests that responded say that they had all the updates and patches in place when the ransomware hit them. So this paradigm has to be kept aside since it has proven that traditional endpoint protection alone will not protect ransomware attacks.
Last year, after the ransomware took the world in its stride, and after the initial shock organizations geared up to curb this malicious practice. The priority only waned-off, and the organization are yet to put their act together. 45 percent organization believes that they know how serious the threat ransomware is, and they plan to implement security at the earliest.
As of now the technologies and tools to counter ransomware are effective. The ever-evolving threat of ransomware can be dealt with if organization keeps pace with security technologies before it is too late to recover.
Julia Sowells250 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.