In a new Vanson Bourne survey of 500 cybersecurity decision makers sponsored by SentinelOne, 48 percent said their organizations had been hit by at least one ransomware attack in the last 12 months, with the average victim hit six times.

Of those respondents whose organization has suffered a ransomware attack in the last 12 months, just over eight in ten (81%) report that the ransomware attacker gained access to their organization’s network through phishing via email or social media network.

Half (50%) report that the attacker gained access through a drive-by-download caused by clicking on a compromised website, and four in ten (40%) state that it was through an infection via a computer that was part of a botnet.

Practically all of them (94%) stated that there was an impact on their organization as a result of these ransomware attacks. The most common impacts are increased spending on IT security (67%), and change of IT security strategy to focus on mitigation (52%).

44% Say Antivirus Is Dead But 85% Still Run It

Over five in ten (54%) of those surveyed agree that their organization has lost faith in traditional cyber security and over four in ten (44%) also agree that antivirus is dead. Despite this, the majority (85%) of respondents’ organizations install antivirus on all company-owned static devices.

Just under two thirds (65%) of respondents agree that traditional cyber security techniques cannot protect them from the next generation of malware like ransomware attacks. Over seven in ten (71%) agree that they need a new solution to protect organizations from ransomware.

Fewer than half (45%) of respondents whose organization has suffered a ransomware attack in the last 12 months report that the attacker was able to encrypt some files/data, but their organization was able to decrypt them.

Moreover, around a quarter state that the attacker was unable to successfully encrypt any files/data (27%), or that the attacker was able to encrypt some files/data, but a back-up was held and respondents’ organizations were able to replace the encrypted files (25%).

On average, this replacement process took 33 employee hours.

Of the respondents whose organization has suffered a ransomware attack in the last 12 months, employee information (42%), financial data (41%) and customer information (40%) were the types of data most likely to have been affected by these attacks.

Only 54% Notified Law Enforcement

Just over six in ten (61%) respondents state that upon suffering a ransomware attack, they did or would notify the CEO/board. Around half of respondents did/would notify law enforcement (54%) and lawyers (50%), but only 38% did/would notify customers. Here is the full report with all results: https://go.sentinelone.com/rs/327-MNM-087/images/Data%20Summary%20-%20English.pdf

Numbers like these make it clear as daylight that you need to step your users through new-school security awareness training as ransomware mitigation step number one.

The choice is simple. Two options:

A) Spend an average of 33 hours restoring a backup, which is a major pain in the neck.

B) Spend less than one hour to upload your users, schedule training and then phish your users, which is a lot of fun.

Your choice.

Q4 is the time of year to get budget for this and a PO cut, so that you can do your baseline test and start the new year with an effective awareness program that your employees are going to love.

You know what comes out of the mouths of your users after they have stepped through the training? "Wow, I did not know it was that dangerous on the internet, how do I share this with my family?" And we are happy to say that we have that covered.

Get a quote now. Find out how affordable this is for your organization and be pleasantly surprised:

Middleground Enterprise Security Training