Ransomware has become more pervasive and more sophisticated, challenging organizations to combat attacks that occur more frequently and with greater complexity. A report released Wednesday by security provider Menlo Security looks at the obstacles faced by organizations as they struggle to protect themselves against the latest wave of ransomware.
How often are IT leaders encountering ransomware?
Among the respondents to the report, “2022 Impacts: Ransomware attacks and preparedness,” one-third said that their organization is hit by a ransomware attempt at least weekly, with 9% reporting attacks more than once each day. More than half (53%) of the organizations have been the victim of a successful ransomware attack over the last 18 months.
The top three entry points through which ransomware gained a foothold in the reported attacks were email at 54%, desktop browsers at 49% and mobile devices at 39%. Other gateways for a ransomware attack included social media, USB devices, a physical security breach and social engineering. However, 17% of respondents who reported an attack over the past 18 months couldn’t identify how the attackers compromised their organization.
Biggest ransomware challenges IT pros face
Asked to identify the biggest challenges in protecting their company against ransomware, 35% of those surveyed cited evolving threats, while 34% pointed to remote workers. Some 43% of the respondents said they consider employees to be the weakest point in their cybersecurity chain. With the rise in remote and hybrid work, security professionals now face the challenge of trying to incorporate unmanaged devices into their security strategy.
Some 41% of the respondents said they worry about ransomware attacks evolving beyond their own knowledge and skillset, while 39% are concerned about them growing beyond their organization’s security capabilities.
Security teams rely on a variety of tools and technologies to try to combat ransomware attacks and other threats. Asked to identify the tools that they use to prevent ransomware, 74% pointed to firewalls, 66% to network perimeter strength, 62% to phishing protection and 61% to mobile device protection. Endpoint protection was cited by 60%, employee education by 59%, and remote worker protection by 56%.
Ransomware attack response
How do IT decision makers respond to a ransomware attack? Almost half (45%) said they implement a data backup and recovery plan, 39% try to determine the impact and damage of the attack, 37% quarantine all affected endpoints, 37% inform employees and 33% inform affected customers. Some 29% said they contact the CEO or board of directors and wait for a response, while 10% said they don’t know what their first step would be.
To pay or not to pay the ransom is always a key question in an attack. Some 65% of the respondents said they’d pay the ransom, 31% said their insurance company should pay it and 18% said the government should pay it. More than a quarter (27%) said they would never pay the ransom. Among all the pros surveyed, one in three said they would worry about paying the ransom and not getting their data back.
Increasingly, companies are turning to cyberinsurance to help cover the financial costs of a ransomware attack or other breach. Among the respondents, 76% said they have cyberinsurance, 17% didn’t know if they had it, and 7% said they don’t have it. But insurance payouts aren’t necessarily enough to cover the full damage. Those surveyed said they think the average cost of a ransomware attack is around $326,000. Insurance payouts average $556,000. However, the average cost to recover from an attack in 2021 was $1.4 million, according to data from Sophos.
To better protect your organization from ransomware attacks, Mark Guntrip, senior director for cybersecurity strategy at Menlo Security, offers some advice.
“The optimal time and place to prevent a ransomware attack is before the initial incursion happens,” Guntrip said. “If the threat can be prevented at this point it means that the rest of the infection chain never happens. Companies can be secure that the attacker is not on their network and they can’t suffer an additional reinfection. This is a shift from the detect and remediate mindset that is popular today (EDR, MDR, XDR, etc.), to one that relies on true prevention rather than fast detection.”
Further, the top three vectors for ransomware attacks as noted in the report were email, desktop browsers, and mobile devices. As such, organizations should focus on those three entry points in prioritizing their security efforts.
“Utilizing security capabilities that are powered by isolation can act as the preventative measure across these ransomware entry points,” Guntrip said. “Rather than relying on detection by legacy technology such as a sandbox or HTML analysis, for example, an isolation approach to security enables end users to access the resources they want and on the device that they choose, but without the risk of malicious content reaching the endpoint.”
To generate its report, Menlo Security commissioned Sapio Research to survey 505 IT security decision makers working for organizations with 1,000 or more employees. The survey results included responses from security professionals in the U.S. and U.K. with IT manager level or C-level status.