How are IT leaders responding to ransomware?

Ransomware is a key business focus for organizations worldwide. Last year was littered with cybercrime, and the Allianz Risk Barometer places cyber incidents as the most important global business risk for 2022.

Ransomware can affect businesses of all sizes, meaning nobody is safe from becoming a target. In 2021, we saw the average cost of a data breach rise to its highest in 17 years – from $3.86m to $4.24m – which means an attack can have serious monetary consequences as well as a loss of data, reputation, and time.

Egress recently surveyed 500 IT leaders to better understand how they’re responding to the threat of phishing – the primary delivery vector of ransomware. Fighting phishing: The IT leader's view dives into the challenges facing IT leaders and what they’re doing to combat these threats. Let’s look at how they’re responding to the specific problem of ransomware.

What are the risks?

Cloudwards' research states that global ransomware costs totaled $20bn in 2021, affecting 37% of all organizations. The Fighting phishing: The IT leader's view report found the figure to be even higher, with a huge 59% of surveyed organizations falling victim over the last year.

The risks associated with ransomware are numerous and include:

  • Loss of data
  • Costly ransom demands
  • Regulation breaches
  • Loss of reputation and, ultimately, customers

Another risk of ransomware is that it opens a business up to further attacks. Cybereason research shows that 80% of businesses that fall victim to ransomware end up suffering another attack in the future, and 46% of those are targeted by the very same cybercriminals who attacked them in the first place.

While many IT leaders understand the risk of ransomware, only 23% of our surveyed IT leaders said that ransomware was the top priority for their board, despite the long-lasting ripple effects an attack can have.

How many businesses pay the ransom?

If you do get hit, the question is: do you pay the ransom or not? Our survey showed that 61% of organizations decided against paying the ransom after being hit by cybercriminals, while 39% paid. Out of the IT leaders yet to be hit by ransomware, 80% said they would not pay – possibly underestimating the likelihood of paying out.

If you are targeted, the options include paying the ransom for the key to decrypt your files or rebuilding the affected IT system from the ground up. Incident response planning and consistent back-ups have a big part to play here. It’s likely that those who refused to pay the ransom had security measures in place to allow them to recover the stolen data.

How are organizations defending against these attacks?

Many businesses are now sitting up and taking notice of the risks. Of those we surveyed, 72% of organizations have cyber insurance in place, 64% have retained legal counsel to reduce breach impacts, and 55% have invested in forensic investigation. It's interesting to note that these are all reactive measures, designed to help after a ransomware attack or data breach has already struck.

But preventing human error is the best cure when it comes to cybercrime.

The report found that people clicking malicious email links (52%) and opening malicious email attachments (45%) are the leading causes of ransomware attacks. It's impossible to fully police what all workers are doing on their computers all the time, which means having solid defenses in place that can detect email phishing is crucial.

The only way to avoid having to make the decision on whether or not to pay a ransom demand is with preventative measures. The cycle of human error causing ransomware attacks via email links and attachments can be broken by software that scans and flags ransomware-infected emails. That immediately closes off the easiest, most-used way for cybercriminals to get ransomware into your system.

Organizations at risk

Never assume that cybercriminals won't be interested in your business. No matter what size or turnover, there's a hacker interested in stealing from you.

Modern cybercriminals do a great deal of research when choosing their targets. They can also purchase detailed information about businesses on crime-as-a-service marketplaces located on the dark web.

Some of the factors criminals consider when choosing a victim are:

  • What security devices they have in place
  • Whether there is already a known entry point for attack
  • Whether they have paid a ransom before

Cybercriminals also do their homework on whether a business has cyber insurance, as a common tactic is to set a ransom that's slightly below the insurance payout threshold. That way, it's more likely to be paid.

Looking for more?

To learn more about how IT leaders are responding to ransomware and other phishing threats, download the full Fighting phishing: The IT leader's view report today.
