Business Braces for More Ransomware Assaults
- 1 of
-
Business Braces for More Ransomware Assaults
Survey shows that most organizations expect an increase in cyber-attacks and are preparing for the onslaught, but faster patching and more training could help. -
Vast Majority Expect More Attacks
Fully 83% of those surveyed expect that ransomware attacks will become more prevalent on a global scale in the second half of 2017; 11% believe attacks will remain steady, 3% see a drop and 3% are unsure. -
Are Companies Ready for Ransomware Attacks?
37% are very prepared, 39% are somewhat prepared, 17% aren't sufficiently prepared, 5% are not at all prepared, 3% don't know -
Most Still Unscathed
Some 63% of the survey participants have not experienced a ransomware attack, compared to 27% who have and 10% who are unsure. -
Majority Would Just Say "No"
Almost three out of four survey respondents (72%) said their organization would not pay a ransom. Only 6% said they would, and 23% were unsure. -
Many React to WannaCry Attack
The WannaCry attack prompted 50% of the organizations in the survey to take new security precautions, but 27% said they didn't need to. Another 13% said they should, and 10% were unsure. -
Less Response to Petya Assault
Only 28% of the companies in the poll will take precautions because of the Petya attack, but 34% said they didn't need to. Another 14% said they should, and 25% were unsure. -
Split on Training
50% of the organizations participating in the study have trained their staff on ransomware, but 45% have not and 6% are unsure. -
How Quickly Is Software Patching Completed?
23% patch within 24 hours, 29% patch within 1 week, 20% patch within 1 month, 10% patch within 1 to 3 months, 4% take more than 3 months, 4% don't routinely patch, 10% are unsure
Cyber-security teams need to brace themselves for more action: Ransomware attacks are likely to increase during the second half of this year, according to a recent survey conducted by ISACA (Information Systems Audit and Control Association), a nonprofit group for IT and information systems professionals. More than four out of five survey respondents expect an upsurge in attacks, and most of them said they are at least somewhat prepared. Still, about one-fourth admit that they aren't ready, and fully half have not trained their employees to deal with ransomware. That's risky, warns ISACA CEO Matt Loeb, who says, "WannaCry, Petya, Cryptolocker … ransomware will continue to be news and become the norm. What's needed is protection before an attack—not just a swift recovery afterwards." Besides educating employees, enterprises should be more aggressive in applying software patches, which Loeb sees as critical to protecting an organization from the crippling consequences of an attack. The majority of organizations in the study have not yet experienced a ransomware attack, and only a very small minority of respondents said their organization would pay the ransom if it were hit. Still, complacency is dangerous. "Don't assume your enterprise 'might' be a victim of ransomware," Loeb stresses. "Assume it will. Every organization needs to focus on being prepared for the next ransomware attack, through training, frequent software updates or hiring highly skilled staff." The survey included 448 respondents. About half the participating organizations have fewer than 1,500 employees, 23 percent have 1,500 to 9,999, and 28 percent have 10,000 or more workers. They represent a wide range of industries, with financial/banking firms and technology services/consulting firms leading the way. The survey group covers the globe.