Why knowledge is key in the fight against ransomware

1 Feb 2018

Phishing emails often contain ransomware. Image: Nomad_Soul/Shutterstock

A new survey from Sophos reveals the ransomware anxieties of IT professionals around the globe.

A major new survey carried out by Vanson Bourne on behalf of Sophos has uncovered fascinating insights into endpoint security in mid-sized organisations.

2,700 IT managers in organisations of 100 to 5,000 users in France, the US, the UK, Germany, South Africa, Mexico, Japan, India, Canada and Australia took part.

Ransomware is a growing problem

To the surprise of nobody, ransomware continues to be a major global problem, with 54pc of organisations surveyed hit in the last year and 31pc expecting to fall victim in the future.

Ransomware is, sadly, not always a one-off incident, with affected organisations suffering two attacks on average in the last year.

India was worst hit by ransomware attacks, with 67pc of respondents from the country reporting an attack, while Japan only saw 41pc of organisations affected.

This is largely to do with the language of the phishing emails used to begin ransomware campaigns. English-language emails can be used in several of the countries surveyed, but an email in Japanese will only cover a small geographic area.

Healthcare organisations worst hit

In terms of industries that are worst affected, healthcare organisations stand out, with 76pc stating they had been victims of ransomware incidents. Financial services are least likely to suffer a breach but that doesn’t mean the pressure is off –45pc of those in this industry were affected.

The perception of the ageing IT infrastructure of the healthcare industry sees it becoming something of a soft target, as well as the budgets for cybersecurity being relatively small in this sector.

For cyber-criminals, size doesn’t seem to matter. The likelihood of organisations with 100 to 1,000 users to fall victim is 50pc, while those in the 1,001-5,000 user category face a 58pc risk.

Organisations are aware of traditional endpoint protection, with more than three-quarters of victims running up-to-date endpoint security, but more than 50pc lack any kind of specialised anti-ransomware technology.

The median cost of a ransomware attack is close to $133,000, and 21pc of affected organisations paying out between $70,000 and $133,000 in 2017.

What can organisations do?

Preparation is key, according to Sophos. “Start with knowledge. Make sure you educate yourself and your end users. Train your employees with attack simulations so they can identify an attack if they see one.

“End users – and human error – is so often the weakest link in your security, but well-trained users can be your strongest asset.”

Investigating specialised technology options is also a recommended course of action, as well as keeping your existing tech upgraded and updated if necessary.

Technological advances such as machine learning are coming to the fore in terms of IT infrastructure, with 60pc of those surveyed planning to implement predictive threat technology within the next 12 months.

The surveyed professionals were almost unanimous in their belief that stopping malware threats is becoming harder, with 87pc saying threats have become more complex over the last year.

Sophos concluded by saying that an overall lack of knowledge is a major risk to organisations, but one that can be mitigated. “The gap is growing between the knowledge and skills of the attackers, particularly around the areas of ransomware and exploits, and that of the IT professionals charged with stopping them.

“Although this creates an opportunity for cyber-criminals, it can be addressed through education.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects