Ransomware Hit Nearly 50% Of Businesses In 2015: Study - InformationWeek
8/3/2016
01:06 PM


Last year nearly half of businesses were attacked with ransomware, which caused 34% of enterprises to lose revenue and 20% to cease operations immediately.


Businesses are challenged to mitigate a growing danger from ransomware, which has become one of the world's biggest cyber-security threats.

This discovery comes from a new report called "State of Ransomware" (registration required) published by Malwarebytes. The anti-malware software vendor partnered with Osterman Research to learn more about the severity of the ransomware risk.

Their survey measured the frequency of cyber-security attacks, how attacks work within the enterprise, infiltration points, ransom cost, impact, and company preparedness, among other factors.


Survey responses came from 540 CIOs, CISOs, and IT directors and managers knowledgeable about security. Participants represented companies with an average of 5,400 employees across the US, Canada, Germany, and the UK.

Results revealed nearly 80% of organizations surveyed have been the victim of a cyberattack, and 47% have been the target of a ransomware attack over the past 12 months. Of the enterprises targeted by ransomware, 34% lost revenue and 20% had to cease operations immediately.

"Over the last four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances of ransomware in exploit kits increasing 259 percent in the last five months alone," wrote Nathan Scott, a ransomware expert and Malwarebytes' senior security researcher, in a statement.

It's a problem costing some businesses a lot of money. Nearly one-third of ransomware victims have received demands of $500 or less, an amount typically related to a spam-type attack. Nearly 20% of victims have received demands exceeding $10,000, which is usually the sign of a more targeted attack.

However, not all businesses pay the ransom. On average, 37% of organizations surveyed said they pay the demanded ransom following an attack. Businesses in the US were far less likely to pay after being infected with ransomware, according to the report.

The companies most heavily targeted by ransomware attacks are those in healthcare and financial services, which the report noted "comes as no surprise." Businesses in both industries rely heavily on access to business-critical information. As a result, they are top targets for cyber-criminals producing ransomware.

Businesses within the US have demonstrated commitment to addressing the ransomware threat. More than half consider investments in tech-based solutions and end-user ransomware education to be "high" or "very high" priority, according to survey respondents.

(Image: Mikkelwilliam/iStockphoto)


This is significant because the study found US businesses offer less ransomware-related training than businesses in other countries -- despite the fact that organizations in the US experience higher levels of security-related attacks and "a significant level" of ransomware attacks.

The increased risk of ransomware arrives at a time when IT managers are struggling to hire employees with the right skills to defend corporate networks. A global lack of cyber-security talent is leaving businesses around the world vulnerable to attacks.

A report titled "Hacking the Skills Shortage," published by Intel Security, indicates the skill shortage is posing a danger to organizations. The majority of survey respondents (82%) report a lack of cyber-security skills, which has led to reputational damage and loss of proprietary data via cyberattack.

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Comments
Joe Stanganelli,
User Rank: Ninja
8/22/2016 | 9:59:27 PM
Re: US cyber education
@vnewman2: Of course, regular people have known this for quite some time anyway.  Once staff starts considering the dictates of the IT department ridiculous and accordingly holds the IT department in low regard and disrespect, then no amount of policy can save you.
Joe Stanganelli,
User Rank: Ninja
8/22/2016 | 9:57:42 PM
Re: US cyber education
@tjgkg: I can certainly wait on biometrics.  I mean, don't get me wrong, multifactor is well and good.  But biometrics alone?  You only have ten fingers and ten toes -- compared to the number of possible passwords there are out there.
Joe Stanganelli,
User Rank: Ninja
8/22/2016 | 9:56:21 PM
Re: US cyber education
@tjgkg: Recent research has shown that mandating regular password changes actually decreases and lowers security -- particularly because people tend to pick similar passwords.  Consequently, if a password gets compromised, it may not be difficult to guess what the changed password is -- particularly if multiple samples are available/compromised.

Plus, anything that makes people hate the IT department is just going to wind up causing more harm than good as people find ways around the rules and protocols.
jastroff,
User Rank: Ninja
8/10/2016 | 1:40:03 PM
Re: US cyber education
Your firm should hire Kalinda who outdid the ransom guy --

but that's only on tv...
vnewman2,
User Rank: Ninja
8/10/2016 | 12:51:54 PM
Re: US cyber education
You know ransomware is an issue when they talk about it on the "Good Wife."

We did a security presentation to our executive committee which had all sorts of fun-facts about the systems and software we deploy to detect and prevent threats to our network.  We also included a short video clip from the "Good Wife" depicting a ransomware attack. 

The feedback we received after?  "I loved the video!"
vnewman2,
User Rank: Ninja
8/10/2016 | 12:23:23 PM
Re: US cyber education
Probably not many and if they do, they probably have them saved in an Excel spreadsheet somewhere which is much worse.
tjgkg,
User Rank: Ninja
8/10/2016 | 9:05:14 AM
Re: US cyber education
I wonder how many people radically change their passwords when required. Most folks just change a letter or number so it is easy to remember. Maybe those that change it from something strong to something easier as time goes on are the ones that compromise their systems. Can't wait for the biometric password systems to become more prevalent.
vnewman2,
User Rank: Ninja
8/9/2016 | 12:07:49 PM
Re: US cyber education
Funny how we've been indoctrinated to think changing our passwords is for our own good.  Only for the FTC to recently reverse their stance on it claiming the act often results in the creation of passwords that are much easier to crack or guess.

'Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases.'
tjgkg,
User Rank: Ninja
8/9/2016 | 11:26:25 AM
Re: US cyber education
Make sure you have antivirus and firewall software installed on your PC, then.....

Keep your anti-virus definitions updated.

Keep your firewall updated.

Make sure you have backups on the cloud and on media.

 
tjgkg,
User Rank: Ninja
8/9/2016 | 11:23:15 AM
Re: US cyber education
That is an interesting policy. First time I have heard of it. An additional safeguard for company passwords is to require them to be changed on a periodic basis. Our company does that. It drives me crazy but I have not had any problems. Plus it is good exercise for the brain.