Ransomware is now the biggest security threat for organizations worldwide. The recent WannaCry and Petya attacks have heightened these fears, forcing companies to re-evaluate their security measures and policies. The reactive approaches companies are taking are slightly problematic because cyber criminals are only getting more sophisticated: attacks are escalating, new strains are constantly being developed, and employees are still not aware of what ransomware is, making it difficult to stay one step ahead of the cyber criminals.
Here are some ransomware statistics and trends that your organization should be aware of when planning its cyber security policies.
1. Myth — only certain industries and organizations are targeted
Fact: Every industry and organization is at risk. Cyber criminals simply want money, which is why they target businesses of all sizes. Although big businesses have multi-million dollar budgets, smaller organizations are also targeted because they are in fact the most likely to pay the ransom: lengthy periods of downtime or data loss put them more at risk of going out of business.
2. Two thirds of ransomware infections in Q1 2017 were sent via Remote Desktop (RDP) [1]
Remote working coupled with BYOD is where most vulnerabilities stem from. With statistics showing that 66 per cent of employees don’t know what ransomware is, mitigate risk within your organization by training your entire staff on best practices regarding phishing emails and links, malicious websites, etc.
3. Phishing techniques have become much more advanced
Prior to 2015, phishing tactics consisted of mass email campaigns that tried to trick unsuspecting victims. Most recipients knew they were being scammed, as these emails were littered with spelling and grammar mistakes, incorrect branding in messages, wrong or outdated company logos, etc. Now, cyber criminals carry out targeted and focused tactical email campaigns as part of phishing attacks, and new natural language processing enhancements (including AI technology) have fixed the majority of the grammatical errors, making malicious websites and emails that much more difficult to detect.
4. Downtime when recovering files is hurting most companies
Reports from Gartner calculated that downtime can reach 87 hours a year (about 200 minutes on average) ranging anywhere from a few minutes to a few hours. When network services are unavailable, employees can’t work, and the duties that they perform to keep your organization afloat aren’t getting done. Downtime as a result of a ransomware attack means loss of productivity, profit and customers. Depending on the size of your business, minutes or hours of downtime may result in your organization going out of business.
Here are other ways downtime can affect your organization:
- Threats of lawsuits – Businesses could be at the receiving end of lawsuits if they do not have proper cybersecurity protocols in place.
- Data breaches – If personal data is leaked or deleted, this may result in litigation or fines for not adhering to compliance requirements.
- Damage to brand reputation – If you’re not able to serve your customers due to downtime, your customers may vent on social media platforms, causing damage to your brand image.
- Loss of profit – On average, businesses lose between $84,000 and $108,000 (US) for every hour of IT system downtime. For a large organization, this may mean higher costs with little impact on the business. For a small or medium-sized business, the hourly cost may be lower, but the negative impact on the business is usually much larger.
1. Crowe, Jonathan. "Ransomware Growth by the Numbers: Ransomware Statistics 2017." www.blog.barkly.com. n.p., June 2017. Web. July 2017.