EDITOR ’ S QUESTION
WHAT ARE THE PROPER PRECAUTIONS TO TAKE TO AVOID A RANSOMWARE ATTACK ?
Cloudian has issued its 2021 Ransomware Victims Report , based on an independent survey of 200 IT decision makers whose organizations experienced a ransomware attack between 2019 and 2021 .
• 49 % of respondents had perimeter defenses in place prior to the successful attack .
• Public cloud was the most common point of entry for ransomware , with 31 % of respondents being attacked this way .
The survey found that traditional ransomware defenses are failing , with 54 % of all victims having anti-phishing training and 49 % having perimeter defenses in place at the time of attack .
Citing this and other findings from the survey – including the widespread impact of the attacks and the average financial costs totalling over US $ 400,000 – the report calls for organizations to focus greater attention on putting systems in place that enable quick data recovery in the event of an attack , without paying ransom .
Despite defensive measures , ransomware gets in
Many organizations spend large portions of their cybersecurity budget on defensive measures such as anti-malware software and anti-phishing training for employees . Despite these efforts , however , ransomware attacks have become increasingly sophisticated , enabling cybercriminals to penetrate the defenses . The survey found that :
• Phishing continues to be one of the easiest paths for ransomware , with 24 % of ransomware attacks starting this way .
• Phishing succeeded despite the fact that 54 % of all respondents and 65 % of those that reported it as the entry point had conducted anti-phishing training for employees .
Attackers move fast and the impact is widespread
Once cybercriminals are able to insert ransomware , they can quickly take over and significantly impact all aspects of an organization :
• 56 % of survey respondents reported that attackers were able to take control of their data and demand ransom within just 12 hours , and another 30 % said it happened within 24 hours .
• More than half of those surveyed said the attacks significantly impacted their financials , operations , employees , customers and reputation .
The financial costs go beyond just ransom payments
Ransom payments are significant and rising , but they ’ re not the only costs of an attack . For the 55 % of respondents that chose to pay the ransom :
• The average ransom payment was US $ 223,000 , with 14 % paying US $ 500,000 or more .
• They spent an average of US $ 183,000 more for other costs resulting from the attack .
• Cyber-insurance covered only about 60 % of the ransomware payment and other costs , presumably reflecting deductibles and coverage caps .
• Despite paying ransom , only 57 % of respondents got all their data back .
32 INTELLIGENTCIO APAC www . intelligentcio . com