Ransomware is claiming a growing number of victims despite increased efforts to prevent it, according to a recent survey by KnowBe4, a popular security awareness training and integrated phishing platform. The study, which surveyed 1,138 companies across a variety of industries, compares levels of concern over ransomware from 2014 to 2016.
There was a huge jump in companies hit directly by ransomware: 38 percent in 2016 compared to 20 percent in 2014. Mid-size companies (250 to 1,000 employees) were the hardest hit, at 54 percent. Two out of three respondents (65 percent) knew someone who was hit, compared to 43 percent in 2014. The share of respondents who are very or extremely concerned about ransomware has risen to 79 percent from 73 percent. IT professionals surveyed are even more worried that ransomware will continue to grow (93 percent this year compared to 88 percent in 2014). “The threat of ransomware is very real, and IT professionals are increasingly realizing traditional solutions are failing,” says Stu Sjouwerman, CEO of KnowBe4, which offers a program to educate employees on end-user security issues.
Sixty-one percent of the survey respondents feel email attachments pose the largest threat, compared to 47 percent in 2014. According to a report by EMA, 41 percent of employees still receive no security awareness training, and the programs that do exist have varying degrees of effectiveness. KnowBe4 recommends frequent simulated phishing attacks to keep employees aware and on their toes.
Backup is another popular solution to ransomware. But, according to a report by Symantec, 47 percent of enterprises and 37 percent of SMBs have lost data in the cloud and had to restore their information from backups, and 66 percent of those organizations saw recovery operations fail.
Observes Sjouwerman, “Our study shows corporate awareness of phishing attack vectors has increased, but users need more help as techniques evolve and criminal exploits become more sophisticated. The overwhelming majority of IT pros think the criminals behind ransomware should be prosecuted and sent to jail for a long time. KnowBe4 agrees, but U.S. law enforcement has no jurisdiction in Eastern Europe where these criminals are largely free to commit their crimes, and we have to rely on our own ingenuity to recognize these threats.”